oss-sec mailing list archives
Re: CVE Request: XSS in a Mono System.web error page
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 06 Jul 2012 16:31:07 -0600
On 07/06/2012 04:21 PM, Marcus Meissner wrote:
> Hi,
>
> A Nessus scan of a Novell product using Mono Web revealed an XSS attack
> in the Mono System.Web library. The Mono team committed a fix to their GIT.
>
> References:
> https://bugzilla.novell.com/show_bug.cgi?id=769799
> https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2
>
> The XSS is in the error popup of the "Forbidden extension" filter method,
> which filters out e.g. ".dll" files.
>
> Ciao, Marcus

Please use CVE-2012-3382 for this issue.

-- 
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993