Summary
The host is running Microsoft .NET and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation could allow attackers to conduct cross-site scripting attacks against the form control via the __VIEWSTATE parameter.
Solution
Upgrade to Microsoft .NET 1.1 or later.
For updates, refer to http://www.microsoft.com/downloads/details.aspx?displaylang=en
Insight
The flaw is due to an error in the default configuration of ASP.NET: the EnableViewStateMac property has a value of FALSE when the '__VIEWSTATE' parameter is processed.
Affected
Microsoft .NET versions prior to 1.1
Severity
Classification
- CVE: CVE-2010-2085
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Microsoft Windows TLS/SSL Spoofing Vulnerability (977377)
- MS Windows HID Functionality(Over USB) Code Execution Vulnerability
- Microsoft Windows Minimum Certificate Key Length Spoofing Vulnerability (2661254)
- Microsoft Office Excel ReadAV Arbitrary Code Execution Vulnerability
- Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)