4.3 - CVE-2008-3906

Executive Summary

Informations
Name	CVE-2008-3906	First vendor Publication	2008-09-04
Vendor	Cve	Last vendor Modification	2018-10-11

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3906

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13875

Oval ID:	oval:org.mitre.oval:def:13875
Title:	USN-826-1 -- mono vulnerabilities
Description:	It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. It was discovered that Mono did not properly escape certain attributes in the ASP.net class libraries which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue only affected Ubuntu 8.04 LTS. It was discovered that Mono did not properly filter CRLF injections in the query string. If a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, steal confidential data, or perform cross-site request forgeries. This issue only affected Ubuntu 8.04 LTS
Family:	unix	Class:	patch
Reference(s):	USN-826-1 CVE-2009-0217 CVE-2008-3422 CVE-2008-3906	Version:	5
Platform(s):	Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04	Product(s):	mono
Definition Synopsis:
Release section Ubuntu 8.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section libmono-peapi1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-cairo1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-mjs DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-system-web2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-1.0-devel DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-2.0-service DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-accessibility2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-microsoft7.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-security1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-system1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-nunit2.2-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-ldap1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-system-data1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-system-data2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-corlib2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-security2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-microsoft8.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-corlib1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-system-web1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-system-runtime2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-cscompmgd8.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-cscompmgd7.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-firebirdsql1.7-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-data-tds1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-sqlite1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-winforms2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-relaxng1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-gmcs DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-i18n2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-accessibility1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-ldap2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-mcs DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-oracle1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-sharpzip2.84-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-bytefx0.7.6.2-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-2.0-devel DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-xbuild DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-sharpzip0.6-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-smcs DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-data-tds2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-system2.1-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-1.0-service DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-system-messaging1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-gac DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-npgsql1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-winforms1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-i18n1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-bytefx0.7.6.1-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-system2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-microsoft-build2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-system-ldap1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-relaxng2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-system-ldap2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-dbg DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-mozilla0.2-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-sharpzip0.84-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-corlib2.1-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-sqlite2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-system-messaging2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND prj2make-sharp DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-sharpzip2.6-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-npgsql2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-system-runtime1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-db2-1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-c5-1.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-oracle2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-cairo2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-peapi2.0-cil DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section mono-jit DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-jay DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono0 DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono-dev DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND libmono0-dbg DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-jit-dbg DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-runtime DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-utils DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 AND mono-common DPKG is earlier than 1.9.1+dfsg-4ubuntu2.1 OR Release section Ubuntu 8.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section libmono-peapi1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-cairo1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-mjs DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-system-web2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-1.0-devel DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND prj2make-sharp DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-accessibility2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-microsoft7.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-security1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-system1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-system2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-ldap1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-system-data1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-system-data2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-corlib2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-security2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-microsoft8.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-corlib1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-system-web1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-system-runtime2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-cscompmgd8.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-cscompmgd7.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-firebirdsql1.7-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-data-tds1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-sqlite1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-winforms2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-relaxng1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-gmcs DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-i18n2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-accessibility1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-ldap2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-mcs DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-oracle1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-sharpzip2.84-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-bytefx0.7.6.2-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-2.0-devel DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-xbuild DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-sharpzip0.6-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-smcs DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-data-tds2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-system2.1-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-1.0-service DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-system-messaging1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-gac DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-npgsql1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-winforms1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-i18n1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-bytefx0.7.6.1-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-microsoft-build2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-system-ldap1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-relaxng2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-system-ldap2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-dbg DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-2.0-service DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-sharpzip0.84-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-corlib2.1-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-sqlite2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-system-messaging2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-sharpzip2.6-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-mozilla0.1-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-npgsql2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-system-runtime1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-db2-1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-c5-1.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-oracle2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-cairo2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-peapi2.0-cil DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section mono-jit DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-jay DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono0 DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono-dev DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND libmono0-dbg DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-jit-dbg DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-runtime DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-utils DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 AND mono-common DPKG is earlier than 1.2.6+dfsg-6ubuntu3.1 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section libmono-peapi1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-cairo1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-mjs DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-system-web2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-1.0-devel DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-2.0-service DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-accessibility2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-data2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-security1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-system1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-nunit2.2-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-relaxng2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-gac DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-system-data1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-system-data2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-1.0-gac DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-corlib2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-winforms1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-microsoft8.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-corlib1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-dbg DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-system-web1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-system-runtime2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-posix1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-cscompmgd8.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-bytefx0.7.6.1-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-posix2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-cscompmgd7.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-firebirdsql1.7-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-data-tds1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-2.0-gac DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-sqlite1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-relaxng1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-gmcs DPKG is earlier than 2.0.1-4ubuntu0.1 AND prj2make-sharp DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-i18n2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-accessibility1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-ldap2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-mcs DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-oracle1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-sharpzip0.6-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-sharpzip2.84-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-bytefx0.7.6.2-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-getoptions1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-2.0-devel DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-xbuild DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-microsoft7.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-smcs DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-data-tds2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-system2.1-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-1.0-service DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-system-messaging1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-winforms2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-npgsql1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-security2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-i18n1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-getoptions2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-system2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-microsoft-build2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-devel DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-ldap1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-system-ldap1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-system-ldap2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-system-messaging2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-data1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-sharpzip0.84-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-corlib2.1-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-sqlite2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-webbrowser0.5-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-sharpzip2.6-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-npgsql2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-system-runtime1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-db2-1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-c5-1.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-oracle2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-cairo2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-peapi2.0-cil DPKG is earlier than 2.0.1-4ubuntu0.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section mono-jit DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-jay DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono0 DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-2.0-runtime DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono0-dbg DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-jit-dbg DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-runtime DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-utils DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-1.0-runtime DPKG is earlier than 2.0.1-4ubuntu0.1 AND libmono-dev DPKG is earlier than 2.0.1-4ubuntu0.1 AND mono-common DPKG is earlier than 2.0.1-4ubuntu0.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mono cpe:2.3:a:mono:mono:1.2.5.1:::::::* cpe:2.3:a:mono:mono:1.1.8.3:::::::* cpe:2.3:a:mono:mono:1.1.4:::::::* cpe:2.3:a:mono:mono:1.1.18:::::::* cpe:2.3:a:mono:mono:1.1.17.1:::::::* cpe:2.3:a:mono:mono:1.1.17:::::::* cpe:2.3:a:mono:mono:1.1.13.7:::::::* cpe:2.3:a:mono:mono:1.1.13.6:::::::* cpe:2.3:a:mono:mono:1.1.13.4:::::::* cpe:2.3:a:mono:mono:1.1.13:::::::* cpe:2.3:a:mono:mono:1.0.5:::::::* cpe:2.3:a:mono:mono:1.0:::::::*	12
Application	Mono Project Mono cpe:2.3:a:mono_project:mono:2.0:::::::* cpe:2.3:a:mono_project:mono:1.9:::::::* cpe:2.3:a:mono_project:mono:1.2.6:::::::* cpe:2.3:a:mono_project:mono:1.2.5:::::::* cpe:2.3:a:mono_project:mono:1.2.4:::::::* cpe:2.3:a:mono_project:mono:1.2.3:::::::* cpe:2.3:a:mono_project:mono:1.2.2:::::::* cpe:2.3:a:mono_project:mono:1.2.1:::::::*	8

OpenVAS Exploits

Date	Description
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:322 (mono) File : nvt/mdksa_2009_322.nasl
2009-09-02	Name : Ubuntu USN-826-1 (mono) File : nvt/ubuntu_826_1.nasl
2009-04-09	Name : Mandriva Update for mono MDVSA-2008:210 (mono) File : nvt/gb_mandriva_MDVSA_2008_210.nasl
2009-04-09	Name : Mandriva Update for mono MDVSA-2008:210-1 (mono) File : nvt/gb_mandriva_MDVSA_2008_210_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
47855	Mono Sys.Web Module HTTP Header Injection

Nessus® Vulnerability Scanner

Date	Description
2009-12-08	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-322.nasl - Type : ACT_GATHER_INFO
2009-08-27	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-826-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-210.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/30867
BUGTRAQ	http://www.securityfocus.com/archive/1/496845/100/0/threaded
CONFIRM	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286 https://bugzilla.novell.com/show_bug.cgi?id=418620
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2008:210
MLIST	http://www.openwall.com/lists/oss-security/2008/08/27/6
SECUNIA	http://secunia.com/advisories/31643 http://secunia.com/advisories/36494
UBUNTU	https://usn.ubuntu.com/826-1/
VUPEN	http://www.vupen.com/english/advisories/2008/2443
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/44740

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-05 01:05:02	Multiple Updates
2021-05-04 12:07:59	Multiple Updates
2021-04-22 01:08:21	Multiple Updates
2020-05-24 01:04:43	Multiple Updates
2020-05-23 00:22:12	Multiple Updates
2018-10-12 00:20:27	Multiple Updates
2018-10-04 00:19:33	Multiple Updates
2017-08-08 09:24:21	Multiple Updates
2016-04-26 17:47:29	Multiple Updates
2014-02-17 10:46:21	Multiple Updates
2013-05-11 00:25:00	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	20
Sources(s)	11
osvdb(s)	1
Openvas Exploit(s)	4
Nessus® Exploit(s)	3

	Related
7.5	MDVSA-2009:322
5	USN-826-1
4.3	MDVSA-2008:210-1
4.3	MDVSA-2008:210
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 4 more Alert(s)

4.3 - CVE-2008-3906

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU