CVE-2006-1391

high

Description

The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25418

https://exchange.xforce.ibmcloud.com/vulnerabilities/25417

http://www.vupen.com/english/advisories/2006/1088

http://www.vupen.com/english/advisories/2006/1085

http://www.securityfocus.com/bid/17222

http://www.securityfocus.com/archive/1/428667/100/0/threaded

http://www.osvdb.org/24100

http://www.osvdb.org/24099

http://securityreason.com/securityalert/624

http://secunia.com/secunia_research/2006-19/advisory/

http://secunia.com/advisories/19312

http://secunia.com/advisories/19306

Details

Source: Mitre, NVD

Published: 2006-03-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00879

Detections

Analytics