CVE-2011-3415

Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://jvn.jp/en/jp/JVN71256611/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-003557
http://www.securityfocus.com/bid/51202
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14815
http://jvn.jp/en/jp/JVN71256611/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-003557
http://www.securityfocus.com/bid/51202
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14815

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_7:-:::::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2008::r2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:itanium:::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2::itanium:::::
	cpe:2.3:o:microsoft:windows_vista::sp2::::::*
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp::sp2:professional_x64:::::
	cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:::::*

History

21 Nov 2024, 01:30

Type	Values Removed	Values Added
References	~~() http://jvn.jp/en/jp/JVN71256611/index.html -~~	() http://jvn.jp/en/jp/JVN71256611/index.html -
References	~~() http://jvndb.jvn.jp/jvndb/JVNDB-2011-003557 -~~	() http://jvndb.jvn.jp/jvndb/JVNDB-2011-003557 -
References	~~() http://www.securityfocus.com/bid/51202 -~~	() http://www.securityfocus.com/bid/51202 -
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14815 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14815 -

07 Dec 2023, 18:38

Type	Values Removed	Values Added
CPE	cpe:2.3:o:microsoft:windows_vista::sp2:x64:::::	cpe:2.3:o:microsoft:windows_vista::sp2::::::*

Information

Published : 2011-12-30 01:55

Updated : 2024-11-21 01:30

NVD link : CVE-2011-3415

Mitre link : CVE-2011-3415

CVE.ORG link : CVE-2011-3415

JSON object : View

Products Affected

microsoft

windows_server_2008
windows_server_2003
windows_vista
windows_xp
windows_7

CWE

CWE-20

Improper Input Validation

6.8 /10