Release DateJan 05, 2012 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser. |
DescriptionIt indicates an attacker attempted a Cross-Site Scripting attack against Microsoft ASP .NET.There are built in mechanisms in ASP.NET to prevent Cross-Site Scripting attacks, unfortunately, these security checks can be bypassed if a malicious attacker includes a null character in the beginning of a tag name. This could lead to the execution of arbitrary web script against the system. |
Affected ProductsMicrosoft ASP.Net 1.1 |
Recommended ActionsApply appropriate patch from the vendor or Upgrade to non-vulnerable version if available. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2003-0768 |
