Novell Home

CVE-2012-3382

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-3382 at MITRE

Description

Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 769799

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SLE 11 SP2 DEBUGINFO
  • mono-core-debuginfo >= 2.6.7-0.9.1
  • mono-core-debugsource >= 2.6.7-0.9.1
sle11-sp2-sdk.x86-64
sle11-sp2-sdk.s390x
sles11-sp2-vmware.x86
sles11-sp2.ppc
sles11-sp2.s390x
sles11-sp2.x86
sle11-sp2-sdk.x86
sle11-sp2-sdk.ia64
sles11-sp2-vmware.x86-64
sled11-sp2.x86
sle11-sp2-sdk.ppc
sles11-sp2.ia64
sles11-sp2.x86-64
sled11-sp2.x86-64
SAT Patch Nr: 6543
SUSE Linux Enterprise Software Development Kit 11 SP2
  • bytefx-data-mysql >= 2.6.7-0.9.1
  • mono-data-firebird >= 2.6.7-0.9.1
  • mono-data-oracle >= 2.6.7-0.9.1
  • mono-data-sybase >= 2.6.7-0.9.1
  • mono-devel >= 2.6.7-0.9.1
  • mono-extras >= 2.6.7-0.9.1
  • mono-jscript >= 2.6.7-0.9.1
  • mono-wcf >= 2.6.7-0.9.1
  • mono-winfxcore >= 2.6.7-0.9.1
  • monodoc-core >= 2.6.7-0.9.1
sle11-sp2-sdk.x86-64
sle11-sp2-sdk.s390x
sles11-sp2-vmware.x86
sles11-sp2.ppc
sles11-sp2.s390x
sles11-sp2.x86
sle11-sp2-sdk.x86
sle11-sp2-sdk.ia64
sles11-sp2-vmware.x86-64
sled11-sp2.x86
sle11-sp2-sdk.ppc
sles11-sp2.ia64
sles11-sp2.x86-64
sled11-sp2.x86-64
SAT Patch Nr: 6543
SUSE Linux Enterprise Software Development Kit 11 SP2
  • bytefx-data-mysql >= 2.6.7-0.9.1
  • mono-core >= 2.6.7-0.9.1
  • mono-data >= 2.6.7-0.9.1
  • mono-data-firebird >= 2.6.7-0.9.1
  • mono-data-oracle >= 2.6.7-0.9.1
  • mono-data-postgresql >= 2.6.7-0.9.1
  • mono-data-sqlite >= 2.6.7-0.9.1
  • mono-data-sybase >= 2.6.7-0.9.1
  • mono-devel >= 2.6.7-0.9.1
  • mono-extras >= 2.6.7-0.9.1
  • mono-jscript >= 2.6.7-0.9.1
  • mono-locale-extras >= 2.6.7-0.9.1
  • mono-nunit >= 2.6.7-0.9.1
  • mono-wcf >= 2.6.7-0.9.1
  • mono-web >= 2.6.7-0.9.1
  • mono-winforms >= 2.6.7-0.9.1
  • mono-winfxcore >= 2.6.7-0.9.1
  • monodoc-core >= 2.6.7-0.9.1
sle11-sp2-sdk.x86-64
sle11-sp2-sdk.s390x
sles11-sp2-vmware.x86
sles11-sp2.ppc
sles11-sp2.s390x
sles11-sp2.x86
sle11-sp2-sdk.x86
sle11-sp2-sdk.ia64
sles11-sp2-vmware.x86-64
sled11-sp2.x86
sle11-sp2-sdk.ppc
sles11-sp2.ia64
sles11-sp2.x86-64
sled11-sp2.x86-64
SAT Patch Nr: 6543
SUSE Linux Enterprise Desktop 11 SP2
  • bytefx-data-mysql >= 2.6.7-0.9.1
  • ibm-data-db2 >= 2.6.7-0.9.1
  • mono-core >= 2.6.7-0.9.1
  • mono-data >= 2.6.7-0.9.1
  • mono-data-firebird >= 2.6.7-0.9.1
  • mono-data-oracle >= 2.6.7-0.9.1
  • mono-data-postgresql >= 2.6.7-0.9.1
  • mono-data-sqlite >= 2.6.7-0.9.1
  • mono-data-sybase >= 2.6.7-0.9.1
  • mono-devel >= 2.6.7-0.9.1
  • mono-extras >= 2.6.7-0.9.1
  • mono-jscript >= 2.6.7-0.9.1
  • mono-locale-extras >= 2.6.7-0.9.1
  • mono-nunit >= 2.6.7-0.9.1
  • mono-wcf >= 2.6.7-0.9.1
  • mono-web >= 2.6.7-0.9.1
  • mono-winforms >= 2.6.7-0.9.1
  • monodoc-core >= 2.6.7-0.9.1
sle11-sp2-sdk.x86-64
sle11-sp2-sdk.s390x
sles11-sp2-vmware.x86
sles11-sp2.ppc
sles11-sp2.s390x
sles11-sp2.x86
sle11-sp2-sdk.x86
sle11-sp2-sdk.ia64
sles11-sp2-vmware.x86-64
sled11-sp2.x86
sle11-sp2-sdk.ppc
sles11-sp2.ia64
sles11-sp2.x86-64
sled11-sp2.x86-64
SAT Patch Nr: 6543
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • mono-core >= 2.6.7-0.9.1
  • mono-data >= 2.6.7-0.9.1
  • mono-data-postgresql >= 2.6.7-0.9.1
  • mono-data-sqlite >= 2.6.7-0.9.1
  • mono-locale-extras >= 2.6.7-0.9.1
  • mono-nunit >= 2.6.7-0.9.1
  • mono-web >= 2.6.7-0.9.1
  • mono-winforms >= 2.6.7-0.9.1
sle11-sp2-sdk.x86-64
sle11-sp2-sdk.s390x
sles11-sp2-vmware.x86
sles11-sp2.ppc
sles11-sp2.s390x
sles11-sp2.x86
sle11-sp2-sdk.x86
sle11-sp2-sdk.ia64
sles11-sp2-vmware.x86-64
sled11-sp2.x86
sle11-sp2-sdk.ppc
sles11-sp2.ia64
sles11-sp2.x86-64
sled11-sp2.x86-64
SAT Patch Nr: 6543

© 2014 Novell