[Mono-bugs] [Bug 418620] New: Sys.Web is prone to "HTTP header injection" attacks

bugzilla_noreply Wed, 20 Aug 2008 02:21:39 -0700

https://bugzilla.novell.com/show_bug.cgi?id=418620



           Summary: Sys.Web is prone to "HTTP header injection" attacks
           Product: Mono: Class Libraries
           Version: SVN
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Sys.Web
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]
         QAContact: mono-bugs@lists.ximian.com
          Found By: ---


Created an attachment (id=234342)
 --> (https://bugzilla.novell.com/attachment.cgi?id=234342)
minimal test page as described in the blog entry

This page describes the vulnerability and contains sample code. Using that code
and the "Live HTTP Headers" extension for Firefox, it's easy to verify that
Mono is prone to such attacks.


-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
_______________________________________________
mono-bugs maillist  -  mono-bugs@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-bugs

[Mono-bugs] [Bug 418620] New: Sys.Web is prone to "HTTP header injection" attacks

Reply via email to