CVE-2008-3906

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
monomono
1.0
monomono
1.0.5
monomono
1.1.4
monomono
1.1.8.3
monomono
1.1.13
monomono
1.1.13.4
monomono
1.1.13.6
monomono
1.1.13.7
monomono
1.1.17
monomono
1.1.17.1
monomono
1.1.18
monomono
1.2.5.1
mono_projectmono
𝑥
≤ 2.0
mono_projectmono
1.2.1
mono_projectmono
1.2.2
mono_projectmono
1.2.3
mono_projectmono
1.2.4
mono_projectmono
1.2.5
mono_projectmono
1.2.6
mono_projectmono
1.9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mono
bookworm
6.8.0.105+dfsg-3.3
fixed
bullseye
6.8.0.105+dfsg-3.3~deb11u1
fixed
sid
6.12.0.199+dfsg-2
fixed
trixie
6.12.0.199+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mono
dapper
ignored
feisty
ignored
gutsy
ignored
hardy
Fixed 1.2.6+dfsg-6ubuntu3.1
released
intrepid
not-affected
jaunty
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/31643
http://secunia.com/advisories/36494
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286
http://www.mandriva.com/security/advisories?name=MDVSA-2008:210
http://www.openwall.com/lists/oss-security/2008/08/27/6
http://www.securityfocus.com/archive/1/496845/100/0/threaded
http://www.securityfocus.com/bid/30867
http://www.vupen.com/english/advisories/2008/2443
https://bugzilla.novell.com/show_bug.cgi?id=418620
https://exchange.xforce.ibmcloud.com/vulnerabilities/44740
https://usn.ubuntu.com/826-1/
http://secunia.com/advisories/31643
http://secunia.com/advisories/36494
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286
http://www.mandriva.com/security/advisories?name=MDVSA-2008:210
http://www.openwall.com/lists/oss-security/2008/08/27/6
http://www.securityfocus.com/archive/1/496845/100/0/threaded
http://www.securityfocus.com/bid/30867
http://www.vupen.com/english/advisories/2008/2443
https://bugzilla.novell.com/show_bug.cgi?id=418620
https://exchange.xforce.ibmcloud.com/vulnerabilities/44740
https://usn.ubuntu.com/826-1/