CVE-2011-3416
Published Dec 30, 2011
Last updated a year ago
Overview
- Description
- The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
- Source
- secure@microsoft.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 8.5
- Impact score
- 10
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4945F25F-2828-4D03-930B-A109BA73E00C"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C684420-1614-4DAE-9BD9-F1FE9102A50F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA99C751-91CB-43D4-93FF-1C12342CAF1E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC916D5A-0644-4423-A52E-D4310906BE78"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78995D27-1EE0-4983-A6A4-BB89B49475E0"
}
],
"operator": "OR"
}
]
}
]