Unrated severityNVD Advisory· Published Sep 4, 2008· Updated Jun 16, 2026
CVE-2008-3906
CVE-2008-3906
Description
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mono_project:mono:*:*:*:*:*:*:*:*range: <=2.0
- cpe:2.3:a:mono_project:mono:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mono_project:mono:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mono_project:mono:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mono_project:mono:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:mono_project:mono:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:mono_project:mono:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:mono_project:mono:1.9:*:*:*:*:*:*:*
- (no CPE)range: <=2.0
Patches
Vulnerability mechanics
References
11- www.securityfocus.com/bid/30867nvdExploit
- secunia.com/advisories/31643nvdVendor Advisory
- secunia.com/advisories/36494nvd
- wiki.rpath.com/wiki/Advisories:rPSA-2008-0286nvd
- www.mandriva.com/security/advisoriesnvd
- www.openwall.com/lists/oss-security/2008/08/27/6nvd
- www.securityfocus.com/archive/1/496845/100/0/threadednvd
- www.vupen.com/english/advisories/2008/2443nvd
- bugzilla.novell.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/44740nvd
- usn.ubuntu.com/826-1/nvd
News mentions
0No linked articles in our index yet.