
Test ID: 1.3.6.1.4.1.25623.1.0.902806
Category: Windows : Microsoft Bulletins
Title: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
Summary: This host is missing a critical security update according to Microsoft Bulletin MS11-100.
Description:
Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS11-100.

Vulnerability Insight:
- An error within ASP.NET when hashing form posts and updating a hash table.
This can be exploited to cause a hash collision resulting in high CPU
consumption via a specially crafted form sent in an HTTP POST request.

- Open redirect vulnerability in the Forms Authentication feature in the
ASP.NET subsystem allows remote attackers to redirect users to arbitrary
web sites and conduct phishing attacks via a crafted return URL.

- The Forms Authentication feature in the ASP.NET subsystem allows remote
authenticated users to obtain access to arbitrary user accounts via a
crafted username.

- The Forms Authentication feature in the ASP.NET subsystem, when sliding
expiry is enabled, does not properly handle cached content, which allows
remote attackers to obtain access to arbitrary user accounts via a crafted
URL.

Vulnerability Impact:
Successful exploitation could allow an attacker to cause a denial of service,
conduct spoofing attacks or bypass certain security restrictions.

Affected Software/OS:
- Microsoft .NET Framework 4

- Microsoft .NET Framework 3.5.1

- Microsoft .NET Framework 3.5 Service Pack 1

- Microsoft .NET Framework 2.0 Service Pack 2

- Microsoft .NET Framework 1.1 Service Pack 1

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-3414
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
Cert/CC Advisory: TA11-347A
http://www.us-cert.gov/cas/techalerts/TA11-347A.html
CERT/CC vulnerability note: VU#903934
http://www.kb.cert.org/vuls/id/903934
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
Microsoft Security Bulletin: MS11-100
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14588
Common Vulnerability Exposure (CVE) ID: CVE-2011-3415
BugTraq ID: 51202
http://www.securityfocus.com/bid/51202
http://jvn.jp/en/jp/JVN71256611/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-003557
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14815
Common Vulnerability Exposure (CVE) ID: CVE-2011-3416
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14363
Common Vulnerability Exposure (CVE) ID: CVE-2011-3417
BugTraq ID: 51203
http://www.securityfocus.com/bid/51203
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14625
Copyright: Copyright (C) 2011 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.