CVE-2012-3382
Published: 12 July 2012
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.
Priority
Status
Package | Release | Status |
---|---|---|
mono | hardy | Ignored (reached end-of-life) |
mono | lucid | Released (2.4.4~svn151842-1ubuntu4.1) |
mono | natty | Released (2.6.7-5ubuntu3.1) |
mono | oneiric | Released (2.10.5-1ubuntu0.1) |
mono | precise | Released (2.10.8.1-1ubuntu2.2) |
mono | upstream | Needs triage |

Patches:
vendor: http://www.debian.org/security/2012/dsa-2512
upstream: https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2