Summary
The host is running Microsoft .NET and is prone to Cross-Site Scripting Vulnerability.
Impact
Successful exploitation could allow attackers to conduct cross-site scripting attacks against the form control via the __VIEWSTATE parameter.
Solution
Upgrade to Microsoft .NET 1.1 or later,
For updates refer to http://www.microsoft.com/downloads/details.aspx?displaylang=en
Insight
The flaw is due to error in the default configuration of 'ASP.NET' it has a value of FALSE for the EnableViewStateMac property when processing the '__VIEWSTATE' parameter.
Affected
Microsoft .NET version prior to 1.1
References
Severity
Classification
-
CVE CVE-2010-2085 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities