[Mono-bugs] [Bug 418620] New: Sys.Web is prone to "HTTP header injection" attacks

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Wed Aug 20 05:21:15 EDT 2008


           Summary: Sys.Web is prone to "HTTP header injection" attacks
           Product: Mono: Class Libraries
           Version: SVN
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Sys.Web
        AssignedTo: mhabersack at novell.com
        ReportedBy: juraj at hotfeet.ch
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---

Created an attachment (id=234342)
 --> (https://bugzilla.novell.com/attachment.cgi?id=234342)
minimal test page as described in the blog entry

This page describes the vulnerability and contains sample code. Using that code
and the "Live HTTP Headers" extension for Firefox, it's easy to verify that
Mono is prone to such attacks.

Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list