ID de Prueba:	1.3.6.1.4.1.25623.1.0.831723
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for mono MDVSA-2012:140 (mono)
Resumen:	The remote host is missing an update for the 'mono'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'mono' package(s) announced via the referenced advisory. Vulnerability Insight: A vulnerability has been discovered and corrected in mono: Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message (CVE-2012-3382). The updated packages have been patched to correct this issue. Affected Software/OS: mono on Mandriva Linux 2011.0 Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3382 MDVSA-2012:140 http://www.mandriva.com/security/advisories?name=MDVSA-2012:140 [oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page http://www.openwall.com/lists/oss-security/2012/07/06/11 https://bugzilla.novell.com/show_bug.cgi?id=769799 https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2 openSUSE-SU-2012:0974 https://hermes.opensuse.org/messages/15374367
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.