AI Score: 7.8 High (Confidence: High)
CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
EPSS: 0.973 High (Percentile: 99.9%)

It was discovered that the XML HMAC signature system did not correctly
check certain lengths. If an attacker sent a truncated HMAC, it could
bypass authentication, leading to potential privilege escalation.
(CVE-2009-0217)
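
The length check at issue in CVE-2009-0217, shown as an added example (not Mono's code and not the patch shipped in these packages): a verifier that compares only as many bytes as the message declares, beside one that enforces the floor from the XML Signature erratum for `HMACOutputLength` (at least 80 bits and at least half the digest length). The function names, sample key and sample data are constructed for illustration, and only whole-byte lengths are handled.

```python
import hashlib
import hmac

DIGEST_BITS = {"sha1": 160, "sha256": 256}  # full HMAC output sizes, in bits

def min_output_bits(alg):
    # Floor adopted in the XML Signature erratum for CVE-2009-0217:
    # at least 80 bits and at least half of the digest length.
    return max(80, DIGEST_BITS[alg] // 2)

def _mac(key, data, alg):
    return hmac.new(key, data, getattr(hashlib, alg)).digest()

def verify_naive(key, data, sig, alg, output_bits):
    """Flawed pattern: compares only as many bytes as the message declares."""
    n = output_bits // 8
    return hmac.compare_digest(_mac(key, data, alg)[:n], sig[:n])

def verify_hardened(key, data, sig, alg, output_bits=None):
    """Reject out-of-range declared lengths before any comparison."""
    full = DIGEST_BITS[alg]
    bits = full if output_bits is None else output_bits
    # Assumption of this example: only whole-byte lengths are accepted.
    if bits % 8 != 0 or not (min_output_bits(alg) <= bits <= full):
        return False
    if len(sig) != bits // 8:
        return False
    return hmac.compare_digest(_mac(key, data, alg)[: bits // 8], sig)

# Constructed sample input (not taken from the advisory).
SAMPLE_KEY = b"constructed-shared-secret"
SAMPLE_DATA = b"<SignedInfo>constructed sample</SignedInfo>"
SAMPLE_TAG = _mac(SAMPLE_KEY, SAMPLE_DATA, "sha1")

if __name__ == "__main__":
    # Columns: declared bits, naive result, hardened result.
    for bits in (8, 72, 80, 160):
        tag = SAMPLE_TAG[: bits // 8]
        print(bits, verify_naive(SAMPLE_KEY, SAMPLE_DATA, tag, "sha1", bits),
              verify_hardened(SAMPLE_KEY, SAMPLE_DATA, tag, "sha1", bits))
```

An 8-bit tag has only 256 possible values, which is why accepting a sender-chosen length removes the authentication guarantee.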

It was discovered that Mono did not properly escape certain attributes in
the ASP.NET class libraries which could result in browsers becoming
vulnerable to cross-site scripting attacks when processing the output. With
cross-site scripting vulnerabilities, if a user were tricked into viewing
server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such as
passwords), within the same domain. This issue only affected Ubuntu 8.04
LTS. (CVE-2008-3422)

It was discovered that Mono did not properly filter CRLF injections in the
query string. If a user were tricked into viewing server output during a
crafted server request, a remote attacker could exploit this to modify the
contents, steal confidential data (such as passwords), or perform
cross-site request forgeries. This issue only affected Ubuntu 8.04 LTS.
(CVE-2008-3906)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.04 | noarch | libmono-security2.0-cil | < 2.0.1-4ubuntu0.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | libmono-dev | < 2.0.1-4ubuntu0.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | libmono0 | < 2.0.1-4ubuntu0.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | libmono0-dbg | < 2.0.1-4ubuntu0.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | mono-1.0-runtime | < 2.0.1-4ubuntu0.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | mono-2.0-runtime | < 2.0.1-4ubuntu0.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | mono-common | < 2.0.1-4ubuntu0.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | mono-jay | < 2.0.1-4ubuntu0.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | mono-jit | < 2.0.1-4ubuntu0.1 | UNKNOWN |
Ubuntu | 9.04 | noarch | mono-jit-dbg | < 2.0.1-4ubuntu0.1 | UNKNOWN |