CVE-2008-3906

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.

Published: Sep 4, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3906
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
mono_project / mono	1.2.4	1.2.4.x
mono_project / mono	1.2.1	1.2.1.x
mono_project / mono	1.9	1.9.x
mono_project / mono	1.2.6	1.2.6.x
mono / mono	1.1.13.4	1.1.13.4.x
mono / mono	1.1.13	1.1.13.x
mono / mono	1.0	1.0.x
mono / mono	1.1.8.3	1.1.8.3.x
mono_project / mono	1.2.3	1.2.3.x
mono / mono	1.1.17.1	1.1.17.1.x
mono / mono	1.2.5.1	1.2.5.1.x
mono / mono	1.1.18	1.1.18.x
mono / mono	1.0.5	1.0.5.x
mono_project / mono	1.2.5	1.2.5.x
mono / mono	1.1.13.7	1.1.13.7.x
mono_project / mono	-	2.0.x
mono / mono	1.1.17	1.1.17.x
mono_project / mono	1.2.2	1.2.2.x
mono / mono	1.1.4	1.1.4.x
mono / mono	1.1.13.6	1.1.13.6.x

http://secunia.com/advisories/31643
http://secunia.com/advisories/36494
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286
http://www.mandriva.com/security/advisories?name=MDVSA-2008:210
http://www.openwall.com/lists/oss-security/2008/08/27/6
http://www.securityfocus.com/archive/1/496845/100/0/threaded
http://www.securityfocus.com/bid/30867
http://www.vupen.com/english/advisories/2008/2443
https://bugzilla.novell.com/show_bug.cgi?id=418620
https://exchange.xforce.ibmcloud.com/vulnerabilities/44740
https://usn.ubuntu.com/826-1/

Vulnerability Database

289,697

CVE-2008-3906