CVE-2008-3906

Name of the Vulnerable Software and Affected Versions Mono versions prior to 2.0

Description The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. This is due to a CRLF injection vulnerability in Sys.Web.

Recommendations For Mono versions prior to 2.0, update to a version later than 2.0 to resolve the issue. As a temporary workaround, consider restricting access to the Sys.Web component to minimize the risk of exploitation.