Home > Vulnerability Database > CVE-2008-3906

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2008-3906

Date: September 4, 2008

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.

Severity Score

3.7

Related Resources (14)

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/44740

Url: http://www.openwall.com/lists/oss-security/2008/08/27/6

Url: https://bugzilla.novell.com/show_bug.cgi?id=418620

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-3906

Url: http://secunia.com/advisories/36494

Url: http://secunia.com/advisories/31643

Url: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:210

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-3906

Url: http://www.securityfocus.com/archive/1/496845/100/0/threaded

Url: https://usn.ubuntu.com/826-1/

Url: http://www.vupen.com/english/advisories/2008/2443

Url: http://www.securityfocus.com/bid/30867

Url: https://www.mend.io/vulnerability-database/CVE-2008-3906

Severity Score

3.7

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us