CVE-2008-3906

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
monomono
1.0
monomono
1.0.5
monomono
1.1.4
monomono
1.1.8.3
monomono
1.1.13
monomono
1.1.13.4
monomono
1.1.13.6
monomono
1.1.13.7
monomono
1.1.17
monomono
1.1.17.1
monomono
1.1.18
monomono
1.2.5.1
mono_projectmono
𝑥
≤ 2.0
mono_projectmono
1.2.1
mono_projectmono
1.2.2
mono_projectmono
1.2.3
mono_projectmono
1.2.4
mono_projectmono
1.2.5
mono_projectmono
1.2.6
mono_projectmono
1.9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mono
bullseye
6.8.0.105+dfsg-3.3~deb11u1
fixed
bookworm
6.8.0.105+dfsg-3.3
fixed
sid
6.12.0.199+dfsg-2
fixed
trixie
6.12.0.199+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mono
jaunty
not-affected
intrepid
not-affected
hardy
Fixed 1.2.6+dfsg-6ubuntu3.1
released
gutsy
ignored
feisty
ignored
dapper
ignored
Common Weakness Enumeration
References
http://secunia.com/advisories/31643
http://secunia.com/advisories/36494
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286
http://www.mandriva.com/security/advisories?name=MDVSA-2008:210
http://www.openwall.com/lists/oss-security/2008/08/27/6
http://www.securityfocus.com/archive/1/496845/100/0/threaded
http://www.securityfocus.com/bid/30867
http://www.vupen.com/english/advisories/2008/2443
https://bugzilla.novell.com/show_bug.cgi?id=418620
https://exchange.xforce.ibmcloud.com/vulnerabilities/44740
https://usn.ubuntu.com/826-1/
http://secunia.com/advisories/31643
http://secunia.com/advisories/36494
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286
http://www.mandriva.com/security/advisories?name=MDVSA-2008:210
http://www.openwall.com/lists/oss-security/2008/08/27/6
http://www.securityfocus.com/archive/1/496845/100/0/threaded
http://www.securityfocus.com/bid/30867
http://www.vupen.com/english/advisories/2008/2443
https://bugzilla.novell.com/show_bug.cgi?id=418620
https://exchange.xforce.ibmcloud.com/vulnerabilities/44740
https://usn.ubuntu.com/826-1/