CVE-2011-3416

EUVD-2011-3379
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_7
-
microsoftwindows_7
-
microsoftwindows_7
-
microsoftwindows_server_2003
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
*
microsoftwindows_server_2008
-
microsoftwindows_server_2008
-
microsoftwindows_vista
*
microsoftwindows_vista
-
microsoftwindows_xp
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.us-cert.gov/cas/techalerts/TA11-347A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14363
http://www.us-cert.gov/cas/techalerts/TA11-347A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14363