CVE-2012-3382

Published: 12/07/2012 Updated: 05/04/2013
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier versions allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.

Vulnerable Product

mono mono

Vendor Advisories

Debian Bug report logs - #681095: CVE-2012-3382. Package: mono; Maintainer for mono is Debian Mono Group <pkg-mono-group@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>; Date: Tue, 10 Jul 2012 15:48:01 UTC; Severity: grave; Tags: security; Fixed in versions mono/2.10.8.1-5, mono/2.6.7 ...
Mono could be made to expose sensitive information over the network ...
Marcus Meissner discovered that the web server included in Mono performed insufficient sanitising of requests, resulting in cross-site scripting. For the stable distribution (squeeze), this problem has been fixed in version 2.6.7-5.1. For the unstable distribution (sid), this problem has been fixed in version 2.10.8.1-5. We recommend that you upgra ...