Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-3906

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.

Related bugs and status

CVE-2008-3906 (Candidate) is related to these bugs:

Bug #282952: Please merge mono 1.9.1+dfsg-4 from Debian Unstable

		In	Importance	Status
282952	Please merge mono 1.9.1+dfsg-4 from Debian Unstable	mono (Ubuntu)	Undecided	Fix Released
282952	Please merge mono 1.9.1+dfsg-4 from Debian Unstable	mono (Debian)	Unknown	Fix Released
282952	Please merge mono 1.9.1+dfsg-4 from Debian Unstable	mono (Ubuntu Intrepid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008082...
CONFIRM: https://bugzilla.novel...
BID: 30867
SECUNIA: 31643
MANDRIVA: MDVSA-2008:210
CONFIRM: http://wiki.rpath.com/...
SECUNIA: 36494
VUPEN: ADV-2008-2443
XF: mono-sysweb-xss(44740)
UBUNTU: USN-826-1
BUGTRAQ: 20080930 rPSA-2008-028...