cpe:/o:microsoft:windows_7:-:-:x32 cpe:/o:microsoft:windows_7:-:-:x64 cpe:/o:microsoft:windows_7:-:sp1:x32 cpe:/o:microsoft:windows_7:-:sp1:x64 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_server_2003::sp2:itanium cpe:/o:microsoft:windows_server_2003::sp2:x64 cpe:/o:microsoft:windows_server_2008::r2:x64 cpe:/o:microsoft:windows_server_2008::sp2:itanium cpe:/o:microsoft:windows_server_2008:-:sp2:x32 cpe:/o:microsoft:windows_server_2008:-:sp2:x64 cpe:/o:microsoft:windows_server_2008:r2::itanium cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium cpe:/o:microsoft:windows_server_2008:r2:sp1:x64 cpe:/o:microsoft:windows_vista::sp2:x64 cpe:/o:microsoft:windows_vista:-:sp2 cpe:/o:microsoft:windows_xp::sp2:professional_x64 cpe:/o:microsoft:windows_xp:sp3:unknown:english CVE-2011-3415 2011-12-29T20:55:01.063-05:00 2017-09-18T21:33:58.103-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2011-12-30T13:00:00.000-05:00 BID 51202 IAVM IAVM:2012-A-0001 JVN JVN#71256611 JVNDB JVNDB-2011-003557 MS MS11-100 Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."