CVE-2008-3906
EPSS 8.1%
Description
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
How to fix CVE-2008-3906
To remediate CVE-2008-3906, upgrade the affected package to a fixed version listed below.
- Debian/mono: upgrade to 1.9.1+dfsg-4 or later
Is CVE-2008-3906 being exploited?
Moderate: EPSS is 8.1%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Debian/mono: from 0, < 1.9.1+dfsg-4