Microsoft .NET 'ASP.NET' Cross-Site Scripting Vulnerability Network Vulnerability

Summary

The host is running Microsoft .NET and is prone to Cross-Site Scripting Vulnerability.

Impact

Successful exploitation could allow attackers to conduct cross-site scripting attacks against the form control via the __VIEWSTATE parameter.

Solution

Upgrade to Microsoft .NET 1.1 or later, For updates refer to http://www.microsoft.com/downloads/details.aspx?displaylang=en

Insight

The flaw is due to error in the default configuration of 'ASP.NET' it has a value of FALSE for the EnableViewStateMac property when processing the '__VIEWSTATE' parameter.

Affected

Microsoft .NET version prior to 1.1

References

http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf
https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2085
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

BitDefender Internet Security 2009 XSS Vulnerability
Detect the HTTP RPC endpoint mapper
Microsoft Update to Improve Cryptography and Digital Certificate Handling (2854544)
Opera web browser large javaScript array handling vulnerability
MS Windows HID Functionality(Over USB) Code Execution Vulnerability

Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability

Take action and discover your vulnerabilities