Threat Encyclopedia



It indicates an attacker attempted a Cross-Site Scripting attack against Microsoft ASP .NET. Microsoft has built in mechanisms in ASP.NET to prevent Cross-Site Scripting attacks. Unfortunately these security checks can be bypassed if a malicious attacker includes a null character in the beginning of a tag name. This could lead to the execution of arbitrary web script against the system.

affected-products-logoAffected Products

Microsoft ASP.Net 1.1

Impact logoImpact

Compromise of the affected system.

recomended-action-logoRecommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References


Telemetry logoTelemetry