Summary
A canonicalization vulnerability exists in ASP.NET that could allow an attacker to bypass the security of an ASP.NET Web site
and gain unauthorized access. An attacker who successfully exploited this vulnerability could take a variety of actions,
depending on the specific contents of the website.
Solution
Microsoft has released a patch to correct this issue, you can download it from the following web site:
http://www.microsoft.com/technet/security/Bulletin/MS05-004.mspx
Severity
Classification
-
CVE CVE-2004-0847 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
- Microsoft .NET Framework Multiple Vulnerabilities (2916607)
- Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)
- Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
- Microsoft Expression Design Remote Code Execution Vulnerability (2651018)