First published: Thu May 27 2010(Updated: )
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mono Mono | =2.4.2.2 | |
Mono Mono | =1.1.17.2 | |
Mono Mono | =1.1.11 | |
Mono Mono | =1.9 | |
Mono Mono | =1.1.13.8 | |
Mono Mono | =2.2 | |
Mono Mono | =1.1.13.4 | |
Mono Mono | =1.1.13.5 | |
Mono Mono | =1.2.2 | |
Mono Mono | =1.1.13 | |
Mono Mono | =1.0 | |
Mono Mono | =1.1.8 | |
Mono Mono | =1.1.8.3 | |
Mono Mono | =1.1.3 | |
Mono Mono | =1.2.5.2 | |
Mono Mono | =2.0.1 | |
Mono Mono | =1.2.1 | |
Mono Mono | =1.0.2 | |
Mono Mono | =1.0.1 | |
Mono Mono | =2.4.2.3 | |
Mono Mono | =1.1.5 | |
Mono Mono | =1.2.4 | |
Mono Mono | =1.1.10 | |
Mono Mono | =1.1.6 | |
Mono Mono | =1.1.17.1 | |
Mono Mono | =1.1.15 | |
Mono Mono | =1.2.5.1 | |
Mono Mono | =1.1.18 | |
Mono Mono | =1.1.1 | |
Mono Mono | =1.2.5 | |
Mono Mono | =1.1.8.1 | |
Mono Mono | =2.4.2.1 | |
Mono Mono | =1.2.3.1 | |
Mono Mono | =1.0.5 | |
Mono Mono | =1.1.10.1 | |
Mono Mono | =1.1.14 | |
Mono Mono | =2.4 | |
Mono Mono | =1.1.13.8.1 | |
Mono Mono | =1.0.6 | |
Mono Mono | =2.4.3 | |
Mono Mono | =1.1.13.7 | |
Mono Mono | =1.2.6 | |
Mono Mono | =1.1.13.2 | |
Mono Mono | =1.0.4 | |
Mono Mono | =1.9.1 | |
Mono Mono | =1.1.16 | |
Mono Mono | =1.1.17 | |
Mono Mono | =1.1.16.1 | |
Mono Mono | =1.1.12 | |
Mono Mono | =1.1.2 | |
Mono Mono | =1.2 | |
Mono Mono | =1.1.9 | |
Mono Mono | =1.1.7 | |
Mono Mono | =1.1.4 | |
Mono Mono | =2.0 | |
Mono Mono | =1.1.13.6 | |
Mono Mono | =1.1.9.1 | |
Mono Mono | =2.4.2 | |
Mono Mono | =1.2.2.1 | |
Mono Mono | =1.2.3 | |
Mono Mono | =1.1.12.1 | |
Mono Mono | =1.1.9.2 | |
nuget/mono | <2.6.4 | 2.6.4 |
=1.0 | ||
=1.0.1 | ||
=1.0.2 | ||
=1.0.4 | ||
=1.0.5 | ||
=1.0.6 | ||
=1.1.1 | ||
=1.1.2 | ||
=1.1.3 | ||
=1.1.4 | ||
=1.1.5 | ||
=1.1.6 | ||
=1.1.7 | ||
=1.1.8 | ||
=1.1.8.1 | ||
=1.1.8.3 | ||
=1.1.9 | ||
=1.1.9.1 | ||
=1.1.9.2 | ||
=1.1.10 | ||
=1.1.10.1 | ||
=1.1.11 | ||
=1.1.12 | ||
=1.1.12.1 | ||
=1.1.13 | ||
=1.1.13.2 | ||
=1.1.13.4 | ||
=1.1.13.5 | ||
=1.1.13.6 | ||
=1.1.13.7 | ||
=1.1.13.8 | ||
=1.1.13.8.1 | ||
=1.1.14 | ||
=1.1.15 | ||
=1.1.16 | ||
=1.1.16.1 | ||
=1.1.17 | ||
=1.1.17.1 | ||
=1.1.17.2 | ||
=1.1.18 | ||
=1.2 | ||
=1.2.1 | ||
=1.2.2 | ||
=1.2.2.1 | ||
=1.2.3 | ||
=1.2.3.1 | ||
=1.2.4 | ||
=1.2.5 | ||
=1.2.5.1 | ||
=1.2.5.2 | ||
=1.2.6 | ||
=1.9 | ||
=1.9.1 | ||
=2.0 | ||
=2.0.1 | ||
=2.2 | ||
=2.4 | ||
=2.4.2 | ||
=2.4.2.1 | ||
=2.4.2.2 | ||
=2.4.2.3 | ||
=2.4.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.