Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0847

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0847
Last Modified 10 Sep 2008 03:28:02
Published 03 Nov 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0847

Summary

The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."

Vulnerable Systems

Application

  • Microsoft Asp.net


References

CERT - TA05-039A

CERT-VN - VU#283646

XF - windows-forms-security-bypass(17644)

MS - MS05-004

NTBUGTRAQ - 20040914 Security bug in .NET Forms Authentication

BID - 11342

MISC - http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754


Last Updated: 27 May 2016 10:38:46