Vulnerability

(MS14-059) Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)

Publish date: November 11, 2014

CVE-2014-4075

SEVERITY

HIGH

//  ADVISORY DATE

11 NOV 2014


DESCRIPTION

This update resolves a cross-site scripting vulnerability found in ASP.NET MVC. The vulnerability allows to bypass the built-in security feature in the said software.

SOLUTION

AFFECTED SOFTWARE AND VERSION

  • ASP.NET MVC 2.0
  • ASP.NET MVC 3.0
  • ASP.NET MVC 4.0
  • ASP.NET MVC 5.0
  • ASP.NET MVC 5.1

Featured Stories

Connect with us on