[Mono-bugs] [Bug 418620] Sys.Web is prone to "HTTP header injection" attacks

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Thu Sep 4 12:25:05 EDT 2008


User meissner at novell.com added comment

--- Comment #17 from Marcus Meissner <meissner at novell.com>  2008-09-04 10:25:05 MDT ---
cve entry is:

Name: CVE-2008-3906                                                             
Status: Candidate                                                               
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3906                
Reference: MLIST:[oss-security] 20080827 CVE request: mono Sys.Web header
Reference: URL:http://www.openwall.com/lists/oss-security/2008/08/27/6          
Reference: CONFIRM:https://bugzilla.novell.com/show_bug.cgi?id=418620           
Reference: BID:30867                                                            
Reference: URL:http://www.securityfocus.com/bid/30867                           
Reference: FRSIRT:ADV-2008-2443                                                 
Reference: URL:http://www.frsirt.com/english/advisories/2008/2443               
Reference: SECUNIA:31643                                                        
Reference: URL:http://secunia.com/advisories/31643                              

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows          
remote attackers to inject arbitrary HTTP headers and conduct HTTP              
response splitting attacks via CRLF sequences in the query string.              

Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list