Detections
Analytics

CVE-2008-3906

medium

Description

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.

References

https://usn.ubuntu.com/826-1/

https://exchange.xforce.ibmcloud.com/vulnerabilities/44740

https://bugzilla.novell.com/show_bug.cgi?id=418620

http://www.vupen.com/english/advisories/2008/2443

http://www.securityfocus.com/archive/1/496845/100/0/threaded

http://www.openwall.com/lists/oss-security/2008/08/27/6

http://www.mandriva.com/security/advisories?name=MDVSA-2008:210

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286

http://secunia.com/advisories/36494

http://secunia.com/advisories/31643

Details

Source: Mitre, NVD

Published: 2008-09-04

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.09775