December 7, 2016

Mono 2.8.2 Fixes Source Code Disclosure Bug

MonoThe Mono Project have release Mono 2.8.2 which “contains an important security fix for users of ASP.NET”. The vulnerability, tagged CVE-2010-4225, allows under some circumstances ASP.NET applications to misbehave and return the source code (.aspx) of the application or any other file in the web application directory.

Affected are all 2.8.x versions of Mono. The components affected are the XSP web server and the mod_mono Apache module.

The Mono Project advise every Mono 2.8.xx user to upgrade to Mono 2.8.2 if they host web applications with it.