Microsoft ASP.NET Insecure Site Configuration Vulnerability (2905247) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft advisory (2905247).

Impact

Successful exploitation will allow remote attackers to use specially crafted HTTP content to inject code to be run in the context of the service account on the ASP.NET server. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, https://technet.microsoft.com/en-us/security/advisory/2905247

Insight

Flaw is due to the view state that exists when Machine Authentication Code (MAC) validation is disabled through configuration settings.

Affected

Microsoft .NET Framework versions 1.1, 2.0, 3.5, 3.5.1, 4.0, 4.5 and 4.5.1

Detection

Get the vulnerable file version and check appropriate patch is applied or not.

References

http://support.microsoft.com/kb/2905247
https://technet.microsoft.com/en-us/security/advisory/2905247

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Windows Indeo Codec Multiple Vulnerabilities
SMB Registry : SQL7 Patches
scan for UPNP hosts
Microsoft Sidebar and Gadgets Remote Code Execution Vulnerability (2719662)
MS Windows Help and Support Center Remote Code Execution Vulnerability

Take action and discover your vulnerabilities