Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3416

Overview

Vulnerability Score 8.5 8.5
CVE Id CVE-2011-3416
Last Modified 02 Sep 2013 02:17:57
Published 29 Dec 2011 08:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-3416

Summary

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 7 -

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 -

  • Microsoft Windows Server 2008 R2

  • Microsoft Windows Vista

  • Microsoft Windows Vista -

  • Microsoft Windows Xp

  • Microsoft Windows Xp Sp3


References

MS - MS11-100

CERT - TA11-347A

Related Patches

MS11-100 2638420 2656358 Security Update for .NET Framework 1.1 SP1 for Windows 2003

MS11-100 2638420 2657424 Security Update for .NET Framework 3.5 SP1 (All Languages)

MS11-100 2638420 2656355 2656356 Security Update for .NET Framework 3.5.1 (All Languages) (Rev 2)

MS11-100 2638420 2656351 Security Update for .NET Framework 4.0 (All Languages) (Rev 3)

MS11-100 2638420 2656352 2656362 Security Update for .NET Framework 2.0 SP2 (All Languages)

MS11-100 Security Update for Microsoft .NET Framework 3.5 SP1 on Win XP, Server 2003, Vista, Server 2008 x86 (KB2657424)

MS11-100 Security Update for .NET Framework 3.5 SP1 on Win XP, Server 2003, Vista and Server 2008 for x64 (KB2657424)

MS12-035 MS11-100 2693777 2638420 2656353 Security Update for .NET Framework 1.1 SP1 (All Languages) (See Notes) (Rev 2)


Last Updated: 27 May 2016 10:57:58