Test Kennung:	1.3.6.1.4.1.25623.1.0.72110
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2012:140 (mono)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to mono announced via advisory MDVSA-2012:140. A vulnerability has been discovered and corrected in mono: Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message (CVE-2012-3382). The updated packages have been patched to correct this issue. Affected: 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2012:140 Risk factor : High
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3382 MDVSA-2012:140 http://www.mandriva.com/security/advisories?name=MDVSA-2012:140 [oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page http://www.openwall.com/lists/oss-security/2012/07/06/11 https://bugzilla.novell.com/show_bug.cgi?id=769799 https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2 openSUSE-SU-2012:0974 https://hermes.opensuse.org/messages/15374367
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.