CVE-2011-3417

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:*:*:*:*:*

History

21 Nov 2024, 01:30

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/51203 - () http://www.securityfocus.com/bid/51203 -
References () http://www.us-cert.gov/cas/techalerts/TA11-347A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA11-347A.html - US Government Resource
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14625 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14625 -

07 Dec 2023, 18:38

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:* cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

Information

Published : 2011-12-30 01:55

Updated : 2024-11-21 01:30


NVD link : CVE-2011-3417

Mitre link : CVE-2011-3417

CVE.ORG link : CVE-2011-3417


JSON object : View

Products Affected

microsoft

  • windows_server_2008
  • windows_server_2003
  • windows_vista
  • windows_xp
  • windows_7
CWE
CWE-264

Permissions, Privileges, and Access Controls