CVE-2008-3906
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.7 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.7%
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
Affected configurations
References
secunia.com/advisories/31643
secunia.com/advisories/36494
wiki.rpath.com/wiki/Advisories:rPSA-2008-0286
www.mandriva.com/security/advisories?name=MDVSA-2008:210
www.openwall.com/lists/oss-security/2008/08/27/6
www.securityfocus.com/archive/1/496845/100/0/threaded
www.securityfocus.com/bid/30867
www.vupen.com/english/advisories/2008/2443
bugzilla.novell.com/show_bug.cgi?id=418620
exchange.xforce.ibmcloud.com/vulnerabilities/44740
usn.ubuntu.com/826-1/
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.7 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.7%