Vendor: Mono
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 113 (HTTP Header Injection)
Product Name: Mono
Affected Version From: Mono 2.0
Affected Version To: Mono 2.0 and earlier
Patch Exists: YES
Related CWE: N/A
CPE: a:mono:mono
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Mono HTTP Header Injection Vulnerability

Mono is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch cross-site request forgery, cross-site scripting, HTTP request smuggling, and other attacks.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to modify the HTTP response headers.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/30867/info

This issue affects Mono 2.0 and earlier. 

<script runat="server">
void Page_Load(object o, EventArgs e)
{
    // Query parameter text is not checked before saving in user cookie
    NameValueCollection request = Request.QueryString;

    // Adding cookies to the response
    Response.Cookies["userName"].Value = request["text"];
}
</script>
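
The mitigation above applied to the sample page, as an added example that is not part of the original advisory or of Mono: the `text` query parameter is checked against an allow-list before it is stored in the `userName` cookie. The helper name `IsSafeCookieValue`, the permitted character set and the 64-character limit are assumptions chosen for illustration.

```csharp
<%@ Page Language="C#" %>
<script runat="server">
    // Hypothetical helper (not a Mono or ASP.NET API): accepts only a small
    // ASCII allow-list, so CR, LF and every other control character that
    // could terminate the Set-Cookie header line is refused.
    static bool IsSafeCookieValue(string value)
    {
        // Assumed policy: non-empty, at most 64 characters.
        if (string.IsNullOrEmpty(value) || value.Length > 64)
            return false;

        foreach (char c in value)
        {
            bool allowed = (c >= 'a' && c <= 'z') ||
                           (c >= 'A' && c <= 'Z') ||
                           (c >= '0' && c <= '9') ||
                           c == '-' || c == '_' || c == '.';
            if (!allowed)
                return false;
        }
        return true;
    }

    void Page_Load(object o, EventArgs e)
    {
        string text = Request.QueryString["text"];

        // Validate before the value reaches any response header.
        if (!IsSafeCookieValue(text))
        {
            // Reject the request instead of trying to repair the input.
            Response.StatusCode = 400;
            return;
        }

        // Only validated data is written into the cookie.
        Response.Cookies["userName"].Value = text;
    }
</script>
```

If the cookie has to carry arbitrary text, encoding the value with `HttpUtility.UrlEncode` before assignment and decoding it when the cookie is read is the alternative to rejecting the request.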