1
PublicDateAtUSN: 2012-07-12
2
Candidate: CVE-2012-3382
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3382
6
https://usn.ubuntu.com/usn/usn-1517-1
8
Cross-site scripting (XSS) vulnerability in the ProcessRequest function in
9
mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and
10
earlier allows remote attackers to inject arbitrary web script or HTML via
11
a file with a crafted name and a forbidden extension, which is not properly
12
handled in an error message.
16
https://bugzilla.novell.com/show_bug.cgi?id=769799
17
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681095
23
vendor: http://www.debian.org/security/2012/dsa-2512
24
upstream: https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2
25
upstream_mono: needs-triage
26
hardy_mono: ignored (reached end-of-life)
27
lucid_mono: released (2.4.4~svn151842-1ubuntu4.1)
28
natty_mono: released (2.6.7-5ubuntu3.1)
29
oneiric_mono: released (2.10.5-1ubuntu0.1)
30
precise_mono: released (2.10.8.1-1ubuntu2.2)
31
devel_mono: released (2.10.8.1-5ubuntu1)