Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2004-11-03 |
| Product | Asp.Net | Last view | 2006-03-23 |
| Version | 1.0 | Type | Application |
| Update | sp1 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microsoft:asp.net | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2006-03-23 | CVE-2006-1364 | Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path. |
| 4.3 | 2005-02-16 | CVE-2005-0452 | Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". |
| 9.8 | 2004-11-03 | CVE-2004-0847 | The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 50% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CAPEC-72 | URL Encoding |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 30402 | Microsoft w3wp Crafted COM Component Request DoS |
| 13928 | Microsoft ASP.NET HttpServerUtility.HtmlEncode Unicode Character Bypass |
| 13927 | Microsoft ASP.NET Request Validation Mechanism Bypass |
| 13926 | Multiple ASP.NET Implementation Full Width Ascii Character Arbitrary HTML Inj... |
| 10670 | Microsoft ASP.NET Forms .aspx File Authentication Bypass |
| 10557 | Microsoft ASP.NET Canonicalization Authentication Bypass |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-03-15 | Name : Microsoft Security Bulletin MS05-004 File : nvt/remote-MS05-004.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft ASP.NET canonicalization exploit attempt RuleID : 15985 - Type : OS-WINDOWS - Revision : 9 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2005-12-07 | Name: The remote Fedora Core host is missing a security update. File: fedora_2005-1116.nasl - Type: ACT_GATHER_INFO |
| 2005-02-09 | Name: It is possible to access confidential documents on the remote web server. File: smb_nt_ms05-004.nasl - Type: ACT_GATHER_INFO |
