- Home
- CVEs with nessus.description==It was discovered that the XML HMAC signature system did not correctly
check certain lengths. If an attacker sent a truncated HMAC, it could
bypass authentication, leading to potential privilege escalation.
(CVE-2009-0217)
It was discovered that Mono did not properly escape certain attributes
in the ASP.net class libraries which could result in browsers becoming
vulnerable to cross-site scripting attacks when processing the output.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal
confidential data (such as passwords), within the same domain. This
issue only affected Ubuntu 8.04 LTS. (CVE-2008-3422)
It was discovered that Mono did not properly filter CRLF injections in
the query string. If a user were tricked into viewing server output
during a crafted server request, a remote attacker could exploit this
to modify the contents, steal confidential data (such as passwords),
or perform cross-site request forgeries. This issue only affected
Ubuntu 8.04 LTS. (CVE-2008-3906).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top