Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1977

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-1977
Last Modified 04 Oct 2011 10:54:29
Published 10 Aug 2011 05:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1977

Summary

The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability."

Vulnerable Systems

Application

  • Chart Control For Microsoft .net Framework 3.5

  • Microsoft .net Framework 4.0


References

CERT - TA11-221A

MS - MS11-066

Related Patches

MS11-066 2567943 2487367 Security Update for .NET Framework 4.0 (All Languages)

MS11-066 2567943 2500170 Security Update for Chart Control for .NET Framework 3.5 SP1 (All Languages)


Last Updated: 27 May 2016 10:56:52