Vulnerability Note VU#283646
Microsoft ASP.NET fails to perform proper canonicalization
Microsoft ASP.NET contains a canonicalization vulnerability that may allow a remote unauthenticated attacker to gain access to secure contents.
Microsoft ASP.NET is a programming framework for creating web applications. The canonicalization routine used by ASP.NET fails to correctly parse URLs.
Depending on the contents of the web site, an attacker may take a variety of actions. For example, a remote unauthenticated attacker may be able to access secure web site contents by using a specially crafted URL.
Install an update
Install an update, as specified by MS05-004.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Avaya||Affected||-||17 Feb 2005|
|Microsoft Corporation||Affected||-||08 Feb 2005|
CVSS Metrics (Learn More)
This vulnerability was publicly disclosed by Toby Beaumont.
This document was written by Will Dormann.
- CVE IDs: CVE-2004-0847
- Date Public: 05 Oct 2004
- Date First Published: 08 Feb 2005
- Date Last Updated: 16 Oct 2007
- Severity Metric: 37.97
- Document Revision: 13
If you have feedback, comments, or additional information about this vulnerability, please send us email.