CVE Vulnerabilities

CVE-2011-3417

Published: Dec 30, 2011 | Modified: Sep 28, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka ASP.NET Forms Authentication Ticket Caching Vulnerability.

Affected Software

Name Vendor Start Version End Version
Windows_vista Microsoft * *
Windows_server_2008 Microsoft * *
Windows_server_2008 Microsoft r2 r2
Windows_xp Microsoft sp3 sp3
Windows_server_2008 Microsoft * *
Windows_7 Microsoft - -
Windows_7 Microsoft - -
Windows_server_2008 Microsoft - -
Windows_xp Microsoft * *
Windows_server_2003 Microsoft * *
Windows_7 Microsoft - -
Windows_vista Microsoft - -
Windows_server_2008 Microsoft - -

References