Описание
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
Ссылки
- ExploitVendor Advisory
- Broken Link
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- ExploitVendor Advisory
- Broken Link
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1 (включая)
Одно из
cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.52826
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
EPSS
Процентиль: 98%
0.52826
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22