CVE-2008-3906 Information

Description

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.

Reference

http://secunia.com/advisories/31643
http://secunia.com/advisories/36494
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286
http://www.mandriva.com/security/advisories?name=MDVSA-2008:210
http://www.openwall.com/lists/oss-security/2008/08/27/6
http://www.securityfocus.com/archive/1/496845/100/0/threaded
http://www.securityfocus.com/bid/30867
http://www.vupen.com/english/advisories/2008/2443
https://bugzilla.novell.com/show_bug.cgi?id=418620
https://exchange.xforce.ibmcloud.com/vulnerabilities/44740
https://usn.ubuntu.com/826-1/
