Signature Detail

HTTP: Microsoft .NET Form Authentication Insecure Redirect

This signature detects attempts to exploit a known flaw in Microsoft's .NET framework. The vulnerability is due to insufficient validation of a URL. A remote, unauthenticated attacker could exploit this vulnerability by enticing a target user to visit a URL. Exploitation could lead to information disclosure.

Extended Description

Microsoft .NET Framework is prone to a URI open-redirection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will redirect a user to a potentially malicious site; this could aid in phishing attacks.

Affected Products

• Avaya Aura Conferencing 6.0 Standard
• Avaya CallPilot 4.0
• Avaya CallPilot 5.0
• Avaya Communication Server 1000 Telephony Manager 3.0
• Avaya Communication Server 1000 Telephony Manager 4.0
• Avaya Meeting Exchange 5.0
• Avaya Meeting Exchange 5.0.0.0.52
• Avaya Meeting Exchange 5.0 SP1
• Avaya Meeting Exchange 5.0 SP2
• Avaya Meeting Exchange 5.1
• Avaya Meeting Exchange 5.1 SP1
• Avaya Meeting Exchange 5.2
• Avaya Meeting Exchange 5.2 SP1
• Avaya Meeting Exchange 5.2 SP2
• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 4
• Avaya Messaging Application Server 5
• Avaya Messaging Application Server 5.2
• Microsoft .NET Framework 1.1 SP1
• Microsoft .NET Framework 2.0
• Microsoft .NET Framework 2.0 SP1
• Microsoft .NET Framework 2.0 SP2
• Microsoft .NET Framework 3.5
• Microsoft .NET Framework 3.5.1
• Microsoft .NET Framework 3.5 SP1
• Microsoft .NET Framework 4.0

References

• BugTraq: 51202
• CVE: CVE-2011-3415