|
|
CVE Reference: CVE-2004-0847 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2004-0847 |
|
|
Description: The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/17644 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3556 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4987 NTBUGTRAQ http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html MS http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx MISC http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754 CERT-VN 283646 CERT http://www.us-cert.gov/cas/techalerts/TA05-039A.html BID 11342 |
|
| Return to the previous page. |
