Vulnerability details: VCID-gdgx-vfcu-aaab
Vulnerability ID VCID-gdgx-vfcu-aaab
Aliases CVE-2008-3906
Summary CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
System Score Found at
epss 0.00995 https://api.first.org/data/v1/epss?cve=CVE-2008-3906
epss 0.02144 https://api.first.org/data/v1/epss?cve=CVE-2008-3906
epss 0.02415 https://api.first.org/data/v1/epss?cve=CVE-2008-3906
epss 0.07729 https://api.first.org/data/v1/epss?cve=CVE-2008-3906
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2008-3906
epss 0.12104 https://api.first.org/data/v1/epss?cve=CVE-2008-3906
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=461752
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2008-3906
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3906.json
https://api.first.org/data/v1/epss?cve=CVE-2008-3906
https://bugzilla.novell.com/show_bug.cgi?id=418620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3906
http://secunia.com/advisories/31643
http://secunia.com/advisories/36494
https://exchange.xforce.ibmcloud.com/vulnerabilities/44740
https://usn.ubuntu.com/826-1/
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286
http://www.mandriva.com/security/advisories?name=MDVSA-2008:210
http://www.openwall.com/lists/oss-security/2008/08/27/6
http://www.securityfocus.com/archive/1/496845/100/0/threaded
http://www.securityfocus.com/bid/30867
http://www.vupen.com/english/advisories/2008/2443
461752 https://bugzilla.redhat.com/show_bug.cgi?id=461752
498894 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498894
cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mono_project:mono:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono_project:mono:*:*:*:*:*:*:*:*
cpe:2.3:a:mono_project:mono:1.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono_project:mono:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mono_project:mono:1.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono_project:mono:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:mono_project:mono:1.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono_project:mono:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:mono_project:mono:1.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono_project:mono:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:mono_project:mono:1.2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono_project:mono:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:mono_project:mono:1.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono_project:mono:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:mono_project:mono:1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mono_project:mono:1.9:*:*:*:*:*:*:*
CVE-2008-3906 https://nvd.nist.gov/vuln/detail/CVE-2008-3906
CVE-2008-3906;OSVDB-47855 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32303.txt
CVE-2008-3906;OSVDB-47855 Exploit https://www.securityfocus.com/bid/30867/info
Data source Exploit-DB
Date added Aug. 20, 2008
Description Mono 2.0 - 'System.Web' HTTP Header Injection
Ransomware campaign use Known
Source publication date Aug. 20, 2008
Exploit type remote
Platform linux
Source update date March 17, 2014
Source URL https://www.securityfocus.com/bid/30867/info
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-3906
Exploit Prediction Scoring System (EPSS)
Percentile 0.84020
EPSS Score 0.00995
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.