PRIOn knowledge basePRION:CVE-2008-3906Crlf injection
7 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.012 Low
EPSS
Percentile
84.6%
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
References
secunia.com/advisories/31643
secunia.com/advisories/36494
wiki.rpath.com/wiki/Advisories:rPSA-2008-0286
www.mandriva.com/security/advisories?name=MDVSA-2008:210
www.openwall.com/lists/oss-security/2008/08/27/6
www.securityfocus.com/archive/1/496845/100/0/threaded
www.securityfocus.com/bid/30867
www.vupen.com/english/advisories/2008/2443
bugzilla.novell.com/show_bug.cgi?id=418620
exchange.xforce.ibmcloud.com/vulnerabilities/44740
usn.ubuntu.com/826-1/
Related
7 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.012 Low
EPSS
Percentile
84.6%