[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110507

 
 

909

 
 

86504

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2011-3415Date: (C)2011-12-29   (M)2018-06-05


Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 6.8
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
BID-51202
IAVM:2012-A-0001
JVN#71256611
JVNDB-2011-003557
MS11-100

CPE    17
cpe:/o:microsoft:windows_vista:-:sp2
cpe:/o:microsoft:windows_server_2008:-:sp2:x32
cpe:/o:microsoft:windows_xp:sp3:unknown:english
cpe:/o:microsoft:windows_server_2008:r2::itanium
...
CWE    1
CWE-20
OVAL    2
oval:org.secpod.oval:def:3630
oval:org.secpod.oval:def:3633

© SecPod Technologies