Test ID: 1.3.6.1.4.1.25623.1.0.101010
Category: Windows : Microsoft Bulletins
Title: Microsoft Security Bulletin MS05-004
Summary: A canonicalization vulnerability exists in ASP.NET that could allow an attacker to bypass the security of an ASP.NET Web site and gain unauthorized access.
Description:
Summary:
A canonicalization vulnerability exists in ASP.NET that could
allow an attacker to bypass the security of an ASP.NET Web site and gain unauthorized access.

Vulnerability Impact:
An attacker who successfully exploited this vulnerability could
take a variety of actions, depending on the specific contents of the website.

Affected Software/OS:
Microsoft .NET Framework 1.0:

- Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4

- Windows XP Service Pack 1 or Windows XP Service Pack 2

- Windows Server 2003, Windows Server 2003 Service Pack 1, or Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition or Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with SP1 for Itanium-based Systems,
or Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista

- Windows XP Tablet PC Edition

- Windows XP Media Center Edition

- Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4

- Windows XP Service Pack 1 or Windows XP Service Pack 2

- Windows Server 2003, Windows Server 2003 Service Pack 1, or Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition or Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with SP1 for Itanium-based Systems,
or Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft .NET Framework 1.1:

- Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4

- Windows XP Service Pack 1 or Windows XP Service Pack 2

- Windows XP Tablet PC Edition

- Windows XP Media Center Edition

- Windows XP Professional x64 Edition or Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 x64 Edition or Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with SP1 for Itanium-based Systems,
or Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista

- Windows Server 2003

- Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4

- Windows XP Service Pack 1 or Windows XP Service Pack 2

- Windows XP Tablet PC Edition

- Windows XP Media Center Edition

- Windows Server 2003 x64 Edition or Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with SP1 for Itanium-based Systems,
or Windows Server 2003 with SP2 for Itanium-based Systems

Solution:
Microsoft has released a patch to correct this issue;
you can download it from the references.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2004-0847
BugTraq ID: 11342
http://www.securityfocus.com/bid/11342
Cert/CC Advisory: TA05-039A
http://www.us-cert.gov/cas/techalerts/TA05-039A.html
CERT/CC vulnerability note: VU#283646
http://www.kb.cert.org/vuls/id/283646
http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754
Microsoft Security Bulletin: MS05-004
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-004
http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3556
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4987
XForce ISS Database: windows-forms-security-bypass(17644)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17644
Copyright: Copyright (C) 2009 Christian Eric Edjenguele
