Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-3382
Last Modified: 04 Apr 2013 11:11:57
Published: 12 Jul 2012 05:55:08
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3382

Summary

Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.

Vulnerable Systems

Application

  • Mono 2.10.8


References

CONFIRM - https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2

MISC - https://bugzilla.novell.com/show_bug.cgi?id=769799

MLIST - [oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page

SUSE - openSUSE-SU-2012:0974

MANDRIVA - MDVSA-2012:140

Related Patches

Novell SUSE 2012:6543 bytefx-data-mysql security update for SLE 11 SP2 i586

Novell SUSE 2012:6543 bytefx-data-mysql security update for SLE 11 SP2 x86_64


Last Updated: 27 May 2016 11:02:11