[Mono-bugs] [Bug 418620] New: Sys.Web is prone to "HTTP header injection" attacks
bugzilla_noreply at novell.com
bugzilla_noreply at novell.com
Wed Aug 20 05:21:15 EDT 2008
https://bugzilla.novell.com/show_bug.cgi?id=418620
Summary: Sys.Web is prone to "HTTP header injection" attacks
Product: Mono: Class Libraries
Version: SVN
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Sys.Web
AssignedTo: mhabersack at novell.com
ReportedBy: juraj at hotfeet.ch
QAContact: mono-bugs at lists.ximian.com
Found By: ---
Created an attachment (id=234342)
--> (https://bugzilla.novell.com/attachment.cgi?id=234342)
minimal test page as described in the blog entry
This page describes the vulnerability and contains sample code. Using that code
and the "Live HTTP Headers" extension for Firefox, it's easy to verify that
Mono is prone to such attacks.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the mono-bugs
mailing list