oval:org.mitre.oval:def:3556

Definition Id: oval:org.mitre.oval:def:3556

Oval ID:	oval:org.mitre.oval:def:3556
Title:	Microsoft .NET Framework v1.1 Security Bypass
Description:	The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0847	Version:	8
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	Microsoft .NET Framework
Definition Synopsis:
Is the Microsoft .NET Framework 1.1 installed AND A vulnerable version of Microsoft .NET Framework v1.1 is installed. A vulnerable version of Microsoft .NET Framework v1.1 (SP 1) is installed. Is Service Pack 1 for Microsoft .NET Framework 1.1 installed AND the version of System.web.dll is less than 1.1.4322.2037 AND NOT Is the KB886903 patch installed for Microsoft .NET Framework v1.1 sp 1? OR A vulnerable version of Microsoft .NET Framework v1.1 (Gold) is installed. NOT Is Service Pack 1 for Microsoft .NET Framework 1.1 installed AND the version of System.web.dll is less than 1.1.4322.1085 AND NOT Is the KB886904 patch installed for Microsoft .NET Framework v1.1 Gold?