CVE-2008-3906
Summary
| CVE | CVE-2008-3906 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-09-04 17:41:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality | None |
| Integrity | Partial |
| Availability | None |
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mono | Mono | 1.0 | All | All | All |
| Application | Mono | Mono | 1.0.5 | All | All | All |
| Application | Mono | Mono | 1.1.13 | All | All | All |
| Application | Mono | Mono | 1.1.13.4 | All | All | All |
| Application | Mono | Mono | 1.1.13.6 | All | All | All |
| Application | Mono | Mono | 1.1.13.7 | All | All | All |
| Application | Mono | Mono | 1.1.17 | All | All | All |
| Application | Mono | Mono | 1.1.17.1 | All | All | All |
| Application | Mono | Mono | 1.1.18 | All | All | All |
| Application | Mono | Mono | 1.1.4 | All | All | All |
| Application | Mono | Mono | 1.1.8.3 | All | All | All |
| Application | Mono | Mono | 1.2.5.1 | All | All | All |
| Application | Mono Project | Mono | 1.2.1 | All | All | All |
| Application | Mono Project | Mono | 1.2.2 | All | All | All |
| Application | Mono Project | Mono | 1.2.3 | All | All | All |
| Application | Mono Project | Mono | 1.2.4 | All | All | All |
| Application | Mono Project | Mono | 1.2.5 | All | All | All |
| Application | Mono Project | Mono | 1.2.6 | All | All | All |
| Application | Mono Project | Mono | 1.9 | All | All | All |
| Application | Mono Project | Mono | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Mono Sys.Web HTTP Header Injection Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Mono 'System.Web' HTTP Header Injection Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Exploit |
| oss-security - CVE request: mono Sys.Web header injection | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | |
| wiki.rpath.com/wiki/Advisories:rPSA-2008-0286 | af854a3a-2127-422b-91ae-364da2661108 | wiki.rpath.com | |
| Support / Security / Advisories / / MDVSA-2008:210 \| Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Bug 418620 – Sys.Web is prone to "HTTP header injection" attacks | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.novell.com | |
| Webmail - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| Ubuntu update for mono - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| USN-826-1: Mono vulnerabilities \| Ubuntu security notices | af854a3a-2127-422b-91ae-364da2661108 | usn.ubuntu.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.