[Mono-bugs] [Bug 418620] Sys.Web is prone to "HTTP header injection" attacks
bugzilla_noreply at novell.com
Thu Sep 4 12:25:05 EDT 2008
https://bugzilla.novell.com/show_bug.cgi?id=418620
User meissner at novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=418620#c17
--- Comment #17 from Marcus Meissner <meissner at novell.com> 2008-09-04 10:25:05 MDT ---
CVE entry is:
Name: CVE-2008-3906
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3906
Reference: MLIST:[oss-security] 20080827 CVE request: mono Sys.Web header injection
Reference: URL:http://www.openwall.com/lists/oss-security/2008/08/27/6
Reference: CONFIRM:https://bugzilla.novell.com/show_bug.cgi?id=418620
Reference: BID:30867
Reference: URL:http://www.securityfocus.com/bid/30867
Reference: FRSIRT:ADV-2008-2443
Reference: URL:http://www.frsirt.com/english/advisories/2008/2443
Reference: SECUNIA:31643
Reference: URL:http://secunia.com/advisories/31643
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP
response splitting attacks via CRLF sequences in the query string.