1
PublicDateAtUSN: 2010-05-27
2
Candidate: CVE-2010-1459
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1459
6
http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting
7
https://usn.ubuntu.com/usn/usn-1517-1
9
The default configuration of ASP.NET in Mono before 2.6.4 has a value of
10
FALSE for the EnableViewStateMac property, which allows remote attackers to
11
conduct cross-site scripting (XSS) attacks, as demonstrated by the
12
__VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.
16
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585440
22
vendor: http://git.debian.org/?p=pkg-mono/packages/mono.git;a=patch;h=e861cd1186ee640856a4533b5ee349394fa67193 (2.6.3)
23
vendor: http://git.debian.org/?p=pkg-mono/packages/mono.git;a=patch;h=871872741c2d8f6c6325997c44c6f09b7a94dc14
24
vendor: https://bugzilla.redhat.com/attachment.cgi?id=418328&action=diff&context=patch&collapsed=&headers=1&format=raw (1.9.x)
25
upstream_mono: released (2.6.4)
26
dapper_mono: ignored (reached end-of-life)
27
hardy_mono: ignored (reached end-of-life)
28
jaunty_mono: ignored (reached end-of-life)
29
karmic_mono: ignored (reached end-of-life)
30
lucid_mono: released (2.4.4~svn151842-1ubuntu4.1)
31
maverick_mono: not-affected (2.6.7-2ubuntu1)
32
natty_mono: not-affected (2.6.7-2ubuntu1)
33
oneiric_mono: not-affected (2.6.7-2ubuntu1)
34
precise_mono: not-affected (2.6.7-2ubuntu1)
35
devel_mono: not-affected (2.6.7-2ubuntu1)