CVE-2008-3906
Description
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
8.111
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Mono for Windows 1.0.5 | Windows |
| Multiple Vulnerabilities are affected in Mono for Windows 1.0 | Windows |
| Multiple Vulnerabilities are affected in Mono for Windows 1.1.13 | Windows |
| Multiple Vulnerabilities are affected in Mono for Windows 1.1.13.4 | Windows |
| Multiple Vulnerabilities are affected in Mono for Windows 1.1.13.6 | Windows |
| Multiple Vulnerabilities are affected in Mono for Windows 1.1.13.7 | Windows |
| Multiple Vulnerabilities are affected in Mono for Windows 1.1.17 | Windows |
| Multiple Vulnerabilities are affected in Mono for Windows 1.1.17.1 | Windows |
| Multiple Vulnerabilities are affected in Mono for Windows 1.1.18 | Windows |
| Multiple Vulnerabilities are affected in Mono for Windows 1.1.4 | Windows |
| Multiple Vulnerabilities are affected in Mono for Windows 1.1.8.3 | Windows |
| Multiple Vulnerabilities are affected in Mono for Windows 1.2.5.1 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234