Vulnerability in Microsoft Windows_7
CVE-2011-3416
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP…
EPSS: 0.528 (98.0th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Windows_7
- Microsoft Windows_server_2003
- Microsoft Windows_server_2008 — versions r2
- Microsoft Windows_vista
- Microsoft Windows_xp — versions sp3
- N/a — versions n/a
Weakness classification (CWE)
References
- oval:org.mitre.oval:def:14363 (x_refsource_OVAL, signature, vdb-entry)
- TA11-347A (US Government Resource, x_refsource_CERT, third-party-advisory)
- MS11-100 (x_refsource_MS, vendor-advisory)