Summary
This host is missing an important security update according to Microsoft advisory (2905247).
Impact
Successful exploitation will allow remote attackers to use specially crafted HTTP content to inject code to be run in the context of the service account on the ASP.NET server.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory from the following link: https://technet.microsoft.com/en-us/security/advisory/2905247
Insight
The flaw is due to the ASP.NET view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration settings.
Affected
Microsoft .NET Framework versions 1.1, 2.0, 3.5, 3.5.1, 4.0, 4.5 and 4.5.1
Detection
Get the vulnerable file version and check whether the appropriate patch has been applied.
Severity
Classification
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Windows NSlookup.exe Remote Code Execution Vulnerability
- Microsoft Visual Studio Insecure Library Loading Vulnerability
- Microsoft Windows Service Pack Missing Multiple Vulnerabilities
- Microsoft Windows Fax Cover Page Editor BOF Vulnerabilities
- Microsoft Windows 32-bit Platforms Unspecified vulnerabilities