Red Hat Bugzilla – Bug 461752
CVE-2008-3906 mono: Sys.Web HTTP header injection attack
Last modified: 2010-12-23 17:37:17 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3906 to the
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
Upstream commits to various SVN branches are mentioned in Novell bugzilla:
Fixed in the next push (should hit rawhide tomorrow/Saturday).
Re-opening this parent bug, which is supposed to track this issue across all supported versions, as F8/F9 should still be unfixed.
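
The bug class named in the CVE text above, as an added C# example (not Mono's Sys.Web code and not the upstream fix): a header value taken from the query string is written into the response head unchecked, and a CR/LF check rejects it before serialization. The names `HeaderDemo`, `IsSafeHeaderPart`, `Serialize` and `CountHeaderLines`, and the sample value, are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Added illustration; hypothetical helpers, not Mono's implementation.
static class HeaderDemo
{
    // A header name or value is acceptable only if it carries no CR or LF.
    static bool IsSafeHeaderPart(string s)
    {
        return s != null && s.IndexOfAny(new[] { '\r', '\n' }) < 0;
    }

    // Writes "Name: value CRLF" per header; with validate=true, refuses CR/LF.
    static string Serialize(IEnumerable<KeyValuePair<string, string>> headers, bool validate)
    {
        var sb = new StringBuilder("HTTP/1.1 302 Found\r\n");
        foreach (var h in headers)
        {
            if (validate && !(IsSafeHeaderPart(h.Key) && IsSafeHeaderPart(h.Value)))
                throw new ArgumentException("CR/LF in header '" + h.Key + "'");
            sb.Append(h.Key).Append(": ").Append(h.Value).Append("\r\n");
        }
        return sb.Append("\r\n").ToString();
    }

    // Counts header lines a client would parse (status line excluded).
    static int CountHeaderLines(string head)
    {
        return head.Split(new[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries).Length - 1;
    }

    static void Main()
    {
        // Constructed sample: a query-string value after URL decoding of %0d%0a.
        string next = "/home\r\nX-Injected: constructed";
        var headers = new List<KeyValuePair<string, string>> {
            new KeyValuePair<string, string>("Location", next)
        };

        // Unchecked: the application set one header, the wire carries more.
        string raw = Serialize(headers, false);
        Console.WriteLine("headers set: 1, header lines on the wire: " + CountHeaderLines(raw));

        // Checked: the same value is refused before it reaches the response.
        try { Serialize(headers, true); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```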