CVE-2004-0847 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-0847
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0847

Description: The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/17644 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3556 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4987 NTBUGTRAQ http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html MS http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx MISC http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754 CERT-VN 283646 CERT http://www.us-cert.gov/cas/techalerts/TA05-039A.html BID 11342

Return to the previous page.