CVE-2010-4225
https://notcve.org/view.php?id=CVE-2010-4225
Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug." Vulnerabilidad no especificada en el módulo mod_mono para XSP en Mono v2.8.x anterior a v2.8.2, permite a atacantes remotos obtener el código fuente de aplicaciones .aspx (ASP.NET) a través de vectores desconocidos relacionados con un "error de descarga". • http://osvdb.org/70312 http://secunia.com/advisories/42842 http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure http://www.securityfocus.com/bid/45711 http://www.vupen.com/english/advisories/2011/0051 https://exchange.xforce.ibmcloud.com/vulnerabilities/64532 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-4159
https://notcve.org/view.php?id=CVE-2010-4159
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en metadata/loader.c en Mono v2.8, permite a usuarios locales obtener privilegios a través de un troyano de la biblioteca compartida en el directorio de trabajo actual. • http://lists.ximian.com/pipermail/mono-patches/2010-October/177900.html http://marc.info/?l=oss-security&m=128939873515821&w=2 http://marc.info/?l=oss-security&m=128939912716499&w=2 http://marc.info/?l=oss-security&m=128941802415318&w=2 http://secunia.com/advisories/42174 http://www.mandriva.com/security/advisories?name=MDVSA-2010:240 http://www.mono-project.com/Vulnerabilities#Mono_Runtime_Insecure_Native_Library_Loading http://www.securityfocus.com/bid/44810 http://www.vupe •
CVE-2010-1459
https://notcve.org/view.php?id=CVE-2010-1459
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project. La configuración por defecto de ASP.NET de Mono anterior a v2.6.4 tiene valor FALSE en la propiedad EnableViewStateMac, esto permite a atacantes remotos provocar un ataque de secuencias de comandos en sitios cruzados (XSS), como se ha demostrado con el parámetro __VIEWSTATE en 2.0/menu/menu1.aspx en el XSP sample project. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting http://www.securityfocus.com/bid/40351 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-0217 – xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
https://notcve.org/view.php?id=CVE-2009-0217
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. El diseño de la recomendación de W3C XML Signature Syntax and Processing (XMLDsig), tal y como es implementado en productos que incluyen (1) el componente Oracle Security Developer Tools de Application Server de Oracle en versiones 10.1.2.3, 10.1.3.4 y 10.1.4.3IM; (2) el componente WebLogic Server de Product Suite de BEA en las versiones 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0 y 8.1 SP6; (3) Mono anterior a versión 2.4.2.2; (4) XML Security Library anterior a versión 1.2.12; (5) WebSphere Application Server de IBM versiones 6.0 hasta 6.0.2.33, versiones 6.1 hasta 6.1.0.23 y versiones 7.0 hasta 7.0.0.1; (6) JDK y JRE de Sun Update 14 y versiones anteriores; (7) .NET Framework de Microsoft versiones 3.0 hasta 3.0 SP2, versiones 3.5 y 4.0; y otros productos utilizan un parámetro que define una longitud de truncamiento HMAC (HMACOutputLength) pero no requiere un mínimo para esta longitud, lo que permite a los atacantes suplantar firmas basadas en HMAC y omitir la autenticación mediante la especificación de una longitud de truncamiento con un pequeño número de bits. • http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161 http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7 http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7 http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 •
CVE-2008-3906 – Mono 2.0 - 'System.Web' HTTP Header Injection
https://notcve.org/view.php?id=CVE-2008-3906
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. Vulnerabilidad de inyección CRLF en Sys.Web en Mono 2.0 y anteriores, permite a atacantes remotos inyectar cabeceras HTTP de su elección y llevar a cabo ataques de división de respuesta HTTP mediante secuencias CRLF en la cadena de consulta(query). • https://www.exploit-db.com/exploits/32303 http://secunia.com/advisories/31643 http://secunia.com/advisories/36494 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286 http://www.mandriva.com/security/advisories?name=MDVSA-2008:210 http://www.openwall.com/lists/oss-security/2008/08/27/6 http://www.securityfocus.com/archive/1/496845/100/0/threaded http://www.securityfocus.com/bid/30867 http://www.vupen.com/english/advisories/2008/2443 https://bugzilla.novell.com/show • CWE-20: Improper Input Validation •