This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:IIS:ASP-FORMS-DISCLOSURE
|
Severity |
Minor
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
ASP.NET Forms Authentication Information Disclosure
|
Release Date |
2012/01/03
|
Update Number |
2057
|
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: ASP.NET Forms Authentication Information Disclosure
This signature detects attempts to exploit a known vulnerability against ASP.NET. Remote authenticated attackers can obtain access to arbitrary user accounts via a crafted username.
Extended Description
Microsoft .NET Framework is prone to a authentication-bypass vulnerability in ASP.NET.
An attacker can exploit this issue to gain unauthorized access to another users account. Successful exploits will allow attackers to execute arbitrary commands with the privileges of the targeted user.
Affected Products
- Avaya aura_conferencing 6.0 Standard
- Avaya callpilot 4.0
- Avaya callpilot 5.0
- Avaya communication_server_1000_telephony_manager 3.0
- Avaya communication_server_1000_telephony_manager 4.0
- Avaya meeting_exchange 5.0
- Avaya meeting_exchange 5.0.0.0.52
- Avaya meeting_exchange 5.0 SP1
- Avaya meeting_exchange 5.0 SP2
- Avaya meeting_exchange 5.1
- Avaya meeting_exchange 5.1 SP1
- Avaya meeting_exchange 5.2
- Avaya meeting_exchange 5.2 SP1
- Avaya meeting_exchange 5.2 SP2
- Avaya meeting_exchange-client_registration_server
- Avaya meeting_exchange-recording_server
- Avaya meeting_exchange-streaming_server
- Avaya meeting_exchange-web_conferencing_server
- Avaya meeting_exchange-webportal
- Avaya messaging_application_server 4
- Avaya messaging_application_server 5
- Avaya messaging_application_server 5.2
- Microsoft .net_framework 1.1
- Microsoft .net_framework 1.1 SP1
- Microsoft .net_framework 1.1 SP2
- Microsoft .net_framework 1.1 SP3
- Microsoft .net_framework 2.0
- Microsoft .net_framework 2.0 SP1
- Microsoft .net_framework 2.0 SP2
- Microsoft .net_framework 3.5
- Microsoft .net_framework 3.5 SP1
- Microsoft .net_framework 4.0
References