CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
secunia.com/advisories/31643
secunia.com/advisories/36494
wiki.rpath.com/wiki/Advisories:rPSA-2008-0286
www.mandriva.com/security/advisories?name=MDVSA-2008:210
www.openwall.com/lists/oss-security/2008/08/27/6
www.securityfocus.com/archive/1/496845/100/0/threaded
www.securityfocus.com/bid/30867
www.vupen.com/english/advisories/2008/2443
bugzilla.novell.com/show_bug.cgi?id=418620
exchange.xforce.ibmcloud.com/vulnerabilities/44740
usn.ubuntu.com/826-1/