ID CVE-2006-1300
Summary Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:.net_framework:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:2.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 12-10-2018 - 21:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
oval via4
accepted 2007-02-20T13:40:31.216-05:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name John Hoyland
    organization Centennial Software
definition_extensions
comment Microsoft .NET Framework 2.0 (Original RTM or later) is installed
oval oval:org.mitre.oval:def:1934
description Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
family windows
id oval:org.mitre.oval:def:419
status accepted
submitted 2006-07-25T12:05:33
title .NET 2.0 Application Folder Information Disclosure Vulnerability
version 26
refmap via4
bid 18920
ms MS06-033
osvdb 27153
sectrack 1016465
secunia 20999
vupen ADV-2006-2751
xf ms-aspnet-appcode-information-disclosure(26802)
vulnerable_product via4 cpe:2.3:a:microsoft:.net_framework:2.0:*:*:*:*:*:*:*
Last major update 12-10-2018 - 21:39
Published 11-07-2006 - 21:05
Back to Top