This application requires Javascript for optimal performance.

MS.ASP.NET.Form.Authentication.Insecure.Redirect

Release Date Jan 11, 2012
Severity medium
Impact Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Description This indicates an attack attempt against a URL Spoofing vulnerability in Microsoft ASP.NET. The vulnerability is caused by an error when the vulnerable software handles insecure redirect url. It allows a remote attacker to gain sensitive information from vulnerable systems by sending a crafted return url.
Affected Products Microsoft .NET Framework 2.0 Service Pack 2 when installed on Windows XP Service Pack 3 Microsoft .NET Framework 2.0 Service Pack 2 when installed on Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 when installed on Windows Server 2003 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 when installed on Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 when installed on Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 2.0 Service Pack 2 when installed on Windows Vista Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 when installed on Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 when installed on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 when installed on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 when installed on Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows XP Service Pack 3 Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows Server 2003 Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows Vista Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Microsoft .NET Framework 4.0 on Windows XP Service Pack 3 Microsoft .NET Framework 4.0 on Windows XP Professional x64 Edition Service Pack 2 Microsoft .NET Framework 4.0 on Windows Server 2003 Service Pack 2 Microsoft .NET Framework 4.0 on Windows Server 2003 x64 Edition Service Pack 2 Microsoft .NET Framework 4.0 on Windows Server 2003 with SP2 for Itanium-based Systems Microsoft .NET Framework 4.0 on Windows Vista Service Pack 2 Microsoft .NET Framework 4.0 on Windows Vista x64 Edition Service Pack 2 Microsoft .NET Framework 4.0 on Windows Server 2008 for 32-bit Systems Service Pack 2 Microsoft .NET Framework 4.0 on Windows Server 2008 for x64-based Systems Service Pack 2 Microsoft .NET Framework 4.0 on Windows Server 2008 for Itanium-based Systems Service Pack 2 Microsoft .NET Framework 4.0 on Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 Microsoft .NET Framework 4.0 on Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.0 on Windows Server 2008 R2 for x64-based Systems Microsoft .NET Framework 4.0 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Microsoft .NET Framework 4.0 on Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Recommended Actions Refer to the vendor's web site for suggested workaround: http://www.microsoft.com/technet/security/Bulletin/ms11-100.mspx
Coverage IPS VCM
Common Vulnerabilities and Exposures (CVE) CVE-2011-3415
Reference/s http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx (MS-ID)

Reference: VID-30715

Current Threat Level

Vulnerabilities

Virus/Spyware

Spam

PGP Keys

Contact Form

Copyright © 2012 Fortinet Inc. All Rights Reserved