CVE-2011-3417

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

he Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."

References

Link	Resource
http://www.securityfocus.com/bid/51203
http://www.us-cert.gov/cas/techalerts/TA11-347A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14625
http://www.securityfocus.com/bid/51203
http://www.us-cert.gov/cas/techalerts/TA11-347A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14625

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_7:-:::::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2008::r2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:itanium:::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2::itanium:::::
	cpe:2.3:o:microsoft:windows_vista::sp2::::::*
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp::sp2:professional_x64:::::
	cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:::::*

History

21 Nov 2024, 01:30

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/51203 -~~	() http://www.securityfocus.com/bid/51203 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA11-347A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA11-347A.html - US Government Resource
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14625 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14625 -

Information

Published : 2011-12-30 01:55

Updated : 2025-04-11 00:51

NVD link : CVE-2011-3417

Mitre link : CVE-2011-3417

CVE.ORG link : CVE-2011-3417

JSON object : View

Products Affected

microsoft

CWE

CWE-264

Permissions, Privileges, and Access Controls

9.3 /10