CVE-2012-3382

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-3382 at MITRE

Description

Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 769799

SUSE Security Advisories:

openSUSE-SU-2012:0974-1, published Thu, 9 Aug 2012 15:08:31 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SLE 11 SP2 DEBUGINFO	`mono-core-debuginfo >= 2.6.7-0.9.1` `mono-core-debugsource >= 2.6.7-0.9.1`	sle11-sp2-sdk.x86-64 sle11-sp2-sdk.s390x sles11-sp2-vmware.x86 sles11-sp2.ppc sles11-sp2.s390x sles11-sp2.x86 sle11-sp2-sdk.x86 sle11-sp2-sdk.ia64 sles11-sp2-vmware.x86-64 sled11-sp2.x86 sle11-sp2-sdk.ppc sles11-sp2.ia64 sles11-sp2.x86-64 sled11-sp2.x86-64 SAT Patch Nr: 6543
SUSE Linux Enterprise Software Development Kit 11 SP2	`bytefx-data-mysql >= 2.6.7-0.9.1` `mono-data-firebird >= 2.6.7-0.9.1` `mono-data-oracle >= 2.6.7-0.9.1` `mono-data-sybase >= 2.6.7-0.9.1` `mono-devel >= 2.6.7-0.9.1` `mono-extras >= 2.6.7-0.9.1` `mono-jscript >= 2.6.7-0.9.1` `mono-wcf >= 2.6.7-0.9.1` `mono-winfxcore >= 2.6.7-0.9.1` `monodoc-core >= 2.6.7-0.9.1`	sle11-sp2-sdk.x86-64 sle11-sp2-sdk.s390x sles11-sp2-vmware.x86 sles11-sp2.ppc sles11-sp2.s390x sles11-sp2.x86 sle11-sp2-sdk.x86 sle11-sp2-sdk.ia64 sles11-sp2-vmware.x86-64 sled11-sp2.x86 sle11-sp2-sdk.ppc sles11-sp2.ia64 sles11-sp2.x86-64 sled11-sp2.x86-64 SAT Patch Nr: 6543
SUSE Linux Enterprise Software Development Kit 11 SP2	`bytefx-data-mysql >= 2.6.7-0.9.1` `mono-core >= 2.6.7-0.9.1` `mono-data >= 2.6.7-0.9.1` `mono-data-firebird >= 2.6.7-0.9.1` `mono-data-oracle >= 2.6.7-0.9.1` `mono-data-postgresql >= 2.6.7-0.9.1` `mono-data-sqlite >= 2.6.7-0.9.1` `mono-data-sybase >= 2.6.7-0.9.1` `mono-devel >= 2.6.7-0.9.1` `mono-extras >= 2.6.7-0.9.1` `mono-jscript >= 2.6.7-0.9.1` `mono-locale-extras >= 2.6.7-0.9.1` `mono-nunit >= 2.6.7-0.9.1` `mono-wcf >= 2.6.7-0.9.1` `mono-web >= 2.6.7-0.9.1` `mono-winforms >= 2.6.7-0.9.1` `mono-winfxcore >= 2.6.7-0.9.1` `monodoc-core >= 2.6.7-0.9.1`	sle11-sp2-sdk.x86-64 sle11-sp2-sdk.s390x sles11-sp2-vmware.x86 sles11-sp2.ppc sles11-sp2.s390x sles11-sp2.x86 sle11-sp2-sdk.x86 sle11-sp2-sdk.ia64 sles11-sp2-vmware.x86-64 sled11-sp2.x86 sle11-sp2-sdk.ppc sles11-sp2.ia64 sles11-sp2.x86-64 sled11-sp2.x86-64 SAT Patch Nr: 6543
SUSE Linux Enterprise Desktop 11 SP2	`bytefx-data-mysql >= 2.6.7-0.9.1` `ibm-data-db2 >= 2.6.7-0.9.1` `mono-core >= 2.6.7-0.9.1` `mono-data >= 2.6.7-0.9.1` `mono-data-firebird >= 2.6.7-0.9.1` `mono-data-oracle >= 2.6.7-0.9.1` `mono-data-postgresql >= 2.6.7-0.9.1` `mono-data-sqlite >= 2.6.7-0.9.1` `mono-data-sybase >= 2.6.7-0.9.1` `mono-devel >= 2.6.7-0.9.1` `mono-extras >= 2.6.7-0.9.1` `mono-jscript >= 2.6.7-0.9.1` `mono-locale-extras >= 2.6.7-0.9.1` `mono-nunit >= 2.6.7-0.9.1` `mono-wcf >= 2.6.7-0.9.1` `mono-web >= 2.6.7-0.9.1` `mono-winforms >= 2.6.7-0.9.1` `monodoc-core >= 2.6.7-0.9.1`	sle11-sp2-sdk.x86-64 sle11-sp2-sdk.s390x sles11-sp2-vmware.x86 sles11-sp2.ppc sles11-sp2.s390x sles11-sp2.x86 sle11-sp2-sdk.x86 sle11-sp2-sdk.ia64 sles11-sp2-vmware.x86-64 sled11-sp2.x86 sle11-sp2-sdk.ppc sles11-sp2.ia64 sles11-sp2.x86-64 sled11-sp2.x86-64 SAT Patch Nr: 6543
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`mono-core >= 2.6.7-0.9.1` `mono-data >= 2.6.7-0.9.1` `mono-data-postgresql >= 2.6.7-0.9.1` `mono-data-sqlite >= 2.6.7-0.9.1` `mono-locale-extras >= 2.6.7-0.9.1` `mono-nunit >= 2.6.7-0.9.1` `mono-web >= 2.6.7-0.9.1` `mono-winforms >= 2.6.7-0.9.1`	sle11-sp2-sdk.x86-64 sle11-sp2-sdk.s390x sles11-sp2-vmware.x86 sles11-sp2.ppc sles11-sp2.s390x sles11-sp2.x86 sle11-sp2-sdk.x86 sle11-sp2-sdk.ia64 sles11-sp2-vmware.x86-64 sled11-sp2.x86 sle11-sp2-sdk.ppc sles11-sp2.ia64 sles11-sp2.x86-64 sled11-sp2.x86-64 SAT Patch Nr: 6543

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy