CVE-2012-3382

Publication date 12 July 2012

Last updated 24 July 2024

Ubuntu priority

Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
mono	12.04 LTS precise	Fixed 2.10.8.1-1ubuntu2.2
	11.10 oneiric	Fixed 2.10.5-1ubuntu0.1
	11.04 natty	Fixed 2.6.7-5ubuntu3.1
	10.04 LTS lucid	Fixed 2.4.4~svn151842-1ubuntu4.1
	8.04 LTS hardy	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
mono	Vendor: http://www.debian.org/security/2012/dsa-2512 Upstream: d16d462

CVE-2012-3382

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references