Test ID: | 1.3.6.1.4.1.25623.1.0.902806 |
Category: | Windows : Microsoft Bulletins |
Title: | Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) |
Summary: | This host is missing a critical security update according to Microsoft Bulletin MS11-100. |
Description: |
Summary: This host is missing a critical security update according to Microsoft Bulletin MS11-100.

Vulnerability Insight:
- An error within ASP.NET when hashing form posts and updating a hash table. This can be exploited to cause a hash collision resulting in high CPU consumption via a specially crafted form sent in an HTTP POST request.
- An open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL.
- The Forms Authentication feature in the ASP.NET subsystem allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username.
- The Forms Authentication feature in the ASP.NET subsystem, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL.

Vulnerability Impact: Successful exploitation could allow an attacker to cause a denial of service, conduct spoofing attacks or bypass certain security restrictions.

Affected Software/OS:
- Microsoft .NET Framework 4
- Microsoft .NET Framework 3.5.1
- Microsoft .NET Framework 3.5 Service Pack 1
- Microsoft .NET Framework 2.0 Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1

Solution: The vendor has released updates. Please see the references for more information.

CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-3414
- Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
- Cert/CC Advisory: TA11-347A
- http://www.us-cert.gov/cas/techalerts/TA11-347A.html
- CERT/CC vulnerability note: VU#903934
- http://www.kb.cert.org/vuls/id/903934
- http://www.nruns.com/_downloads/advisory28122011.pdf
- http://www.ocert.org/advisories/ocert-2011-003.html
- Microsoft Security Bulletin: MS11-100
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14588

Common Vulnerability Exposure (CVE) ID: CVE-2011-3415
- BugTraq ID: 51202
- http://www.securityfocus.com/bid/51202
- http://jvn.jp/en/jp/JVN71256611/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2011-003557
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14815

Common Vulnerability Exposure (CVE) ID: CVE-2011-3416
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14363

Common Vulnerability Exposure (CVE) ID: CVE-2011-3417
- BugTraq ID: 51203
- http://www.securityfocus.com/bid/51203
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14625 |
Copyright | Copyright (C) 2011 Greenbone AG |