Vendor: Microsoft ASP.NET
By:
CVSS: 5.5 (MEDIUM)
CWE: Remote Information Disclosure
Product Name: Microsoft ASP.NET
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Remote Information Disclosure Vulnerability in Microsoft ASP.NET

The vulnerability exists because Microsoft ASP.NET fails to properly secure documents when handling malformed URI requests. An attacker can exploit it to bypass the authentication required to access files in secured directories.

Mitigation:

To mitigate this vulnerability, apply the latest security patches provided by Microsoft.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11342/info

Microsoft ASP.NET is reported prone to a remote information-disclosure vulnerability because the application fails to properly secure documents when handling malformed URI requests. 

An attacker may leverage this issue to bypass authentication required to access files in secured directories.

Mozilla Web Browser based proof of concept: 
http://www.example.com/secureDirectory\somefile.aspx 

Microsoft Internet Explorer based proof of concept: 
http://www.example.com/secureDirectory%5Csomefile.aspx
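
As an added example (not part of the original advisory or the Exploit-DB data), the Python sketch below flags logged requests whose path contains a literal or percent-encoded backslash, the malformed-URI pattern both proof-of-concept URLs share. The log layout, sample lines and function names are constructed for illustration, and the handling of nested encodings such as `%255c` goes beyond the two forms shown above.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a simplified "METHOD target status" layout.
# Assumption: real IIS W3C logs carry more fields; adapt LINE_RE to yours.
SAMPLE_LOG = """\
GET /secureDirectory/somefile.aspx 302
GET /secureDirectory\\somefile.aspx 200
GET /secureDirectory%5Csomefile.aspx 200
GET /secureDirectory%255csomefile.aspx 200
GET /public/search.aspx?q=a%5Cb 200
"""

LINE_RE = re.compile(r"^(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+(?P<status>\d{3})$")


def decode_path(raw_path, max_rounds=3):
    """Percent-decode repeatedly so nested encodings (%255C) are unwrapped."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_backslash_separator(target):
    """True when the path part (not the query string) holds a backslash."""
    raw_path = target.split("?", 1)[0]
    return "\\" in decode_path(raw_path)


def suspicious_requests(log_text):
    """Return (target, status) for each request with a backslash in its path."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and has_backslash_separator(m.group("target")):
            hits.append((m.group("target"), int(m.group("status"))))
    return hits


if __name__ == "__main__":
    # A 200 on a path that normally redirects to login deserves a closer look.
    for target, status in suspicious_requests(SAMPLE_LOG):
        print(f"{status} {target}")
```

The same path test can be applied at a reverse proxy or request filter to reject such URIs before they reach the application.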