ID de Prueba:	1.3.6.1.4.1.25623.1.0.72110
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2012:140 (mono)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to mono announced via advisory MDVSA-2012:140. A vulnerability has been discovered and corrected in mono: Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message (CVE-2012-3382). The updated packages have been patched to correct this issue. Affected: 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2012:140 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3382 MDVSA-2012:140 http://www.mandriva.com/security/advisories?name=MDVSA-2012:140 [oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page http://www.openwall.com/lists/oss-security/2012/07/06/11 https://bugzilla.novell.com/show_bug.cgi?id=769799 https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2 openSUSE-SU-2012:0974 https://hermes.opensuse.org/messages/15374367
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.