Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-3906
Last Modified 07 Mar 2011 10:11:37
Published 04 Sep 2008 01:41:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3906

Summary

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.

Vulnerable Systems

Application

  • Mono 1.0

  • Mono 1.0.5

  • Mono 1.1.13

  • Mono 1.1.13.4

  • Mono 1.1.13.6

  • Mono 1.1.13.7

  • Mono 1.1.17

  • Mono 1.1.17.1

  • Mono 1.1.18

  • Mono 1.1.4

  • Mono 1.1.8.3

  • Mono 1.2.5.1

  • Mono Project Mono 1.2.1

  • Mono Project Mono 1.2.2

  • Mono Project Mono 1.2.3

  • Mono Project Mono 1.2.4

  • Mono Project Mono 1.2.5

  • Mono Project Mono 1.2.6

  • Mono Project Mono 1.9

  • Mono Project Mono 2.0


References

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=418620

XF - mono-sysweb-xss(44740)

VUPEN - ADV-2008-2443

UBUNTU - USN-826-1

BID - 30867

BUGTRAQ - 20080930 rPSA-2008-0286-1 mono

MLIST - [oss-security] 20080827 CVE request: mono Sys.Web header injection

MANDRIVA - MDVSA-2008:210

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286

SECUNIA - 36494

SECUNIA - 31643


Last Updated: 27 May 2016 10:48:20