CVE-2008-3906

Published: Sep 4, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.

Affected (20)

Products: Mono: Mono · Mono Project: Mono

1 product

1 product

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Mono Mono	Version 1.0.5
Mono Mono	Version 1.0
Mono Mono	Version 1.1.13.4
Mono Mono	Version 1.1.13.6
Mono Mono	Version 1.1.13.7
Mono Mono	Version 1.1.13
Mono Mono	Version 1.1.17.1
Mono Mono	Version 1.1.17
Mono Mono	Version 1.1.18
Mono Mono	Version 1.1.4
Mono Mono	Version 1.1.8.3
Mono Mono	Version 1.2.5.1
Mono Project Mono	Up to 2.0
Mono Project Mono	Version 1.2.1
Mono Project Mono	Version 1.2.2
Mono Project Mono	Version 1.2.3
Mono Project Mono	Version 1.2.4
Mono Project Mono	Version 1.2.5
Mono Project Mono	Version 1.2.6
Mono Project Mono	Version 1.9

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://secunia.com/advisories/31643

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/36494

Source: cve@mitre.org

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2008:210

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2008/08/27/6

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/496845/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/30867

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2008/2443

Source: cve@mitre.org

https://bugzilla.novell.com/show_bug.cgi?id=418620

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/44740

Source: cve@mitre.org

https://usn.ubuntu.com/826-1/

Source: cve@mitre.org

http://secunia.com/advisories/31643

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/36494

Source: af854a3a-2127-422b-91ae-364da2661108

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2008:210

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2008/08/27/6

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/496845/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30867

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2008/2443

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.novell.com/show_bug.cgi?id=418620

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/44740

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/826-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.