Executive Summary

Summary
Title Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
Informations
Name MS11-100 First vendor Publication 2011-12-29
Vendor Microsoft Last vendor Modification 2012-07-10
Severity (Vendor) Critical Revision 1.6

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.6 (July 10, 2012): Microsoft revised this bulletin to communicate a minor detection change for KB2657424 for Microsoft .NET Framework 3.5 Service Pack 1 to correct an offering issue. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action.

Summary: This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-100

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-264 Permissions, Privileges, and Access Controls
25 % CWE-399 Resource Management Errors
25 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14363
 
Oval ID: oval:org.mitre.oval:def:14363
Title: ASP.Net Forms Authentication Bypass Vulnerability
Description: The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3416
Version: 11
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14588
 
Oval ID: oval:org.mitre.oval:def:14588
Title: Collisions in HashTable May Cause DoS Vulnerability
Description: The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3414
Version: 11
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14625
 
Oval ID: oval:org.mitre.oval:def:14625
Title: ASP.NET Forms Authentication Ticket Caching Vulnerability
Description: The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3417
Version: 11
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14815
 
Oval ID: oval:org.mitre.oval:def:14815
Title: Insecure Redirect in .NET Form Authentication Vulnerability
Description: Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3415
Version: 11
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 3
Os 1
Os 5
Os 2
Os 2

OpenVAS Exploits

Date Description
2011-12-30 Name : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
File : nvt/secpod_ms11-100.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
78057 Microsoft .NET Framework ASP.NET Hash Collision Web Form Post Parsing Remote DoS

78056 Microsoft .NET Framework Forms Authentication Sliding Expiry Cached Content P...

78055 Microsoft .NET Framework ASP.NET Username Parsing Authentication Bypass

78054 Microsoft .NET Framework Forms Authentication Return URL Handling Arbitrary S...

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-01-05 IAVM : 2012-A-0001 - Multiple Vulnerabilities in Microsoft .NET Framework
Severity : Category I - VMSKEY : V0030927

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows IIS .NET null character username truncation attempt
RuleID : 25251 - Revision : 5 - Type : SERVER-IIS
2014-01-10 Microsoft Windows IIS .NET null character username truncation attempt
RuleID : 25250 - Revision : 6 - Type : SERVER-IIS
2014-01-10 Microsoft Windows IIS .NET null character username truncation attempt
RuleID : 20829 - Revision : 9 - Type : SERVER-IIS
2014-01-10 Microsoft Windows IIS aspx login ReturnURL arbitrary redirect attempt
RuleID : 20828 - Revision : 10 - Type : SERVER-IIS
2014-01-10 generic web server hashing collision attack
RuleID : 20825 - Revision : 11 - Type : SERVER-WEBAPP
2014-01-10 generic web server hashing collision attack
RuleID : 20824 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 generic web server hashing collision attack
RuleID : 20823 - Revision : 4 - Type : DOS

Nessus® Vulnerability Scanner

Date Description
2012-07-17 Name : The remote device has a denial of service vulnerability.
File : juniper_psn-2012-07-650.nasl - Type : ACT_GATHER_INFO
2011-12-29 Name : The version of ASP.NET Framework installed on the remote host is affected by ...
File : smb_nt_ms11-100.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2016-04-26 23:05:30
  • Multiple Updates
2014-02-17 11:47:12
  • Multiple Updates
2014-01-19 21:30:46
  • Multiple Updates
2013-12-31 13:22:39
  • Multiple Updates
2013-11-11 12:41:26
  • Multiple Updates
2013-01-30 13:26:56
  • Multiple Updates