Microsoft .NET Framework Forms Authentication URI Spoofing Vulnerability (CVE-2011-3415)
Gravité: : Medium
Identifiant(s) CVE: : CVE-2011-3415,MS11-100
Date du conseil: 21 juillet 2015
Description
Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1004887
Trend Micro Deep Security DPI Rule Name: 1004887 - Microsoft .NET Framework Forms Authentication URI Spoofing Vulnerability (CVE-2011-3415)
Affected software and version:
- microsoft windows_7 -
- microsoft windows_server_2003
- microsoft windows_server_2008
- microsoft windows_server_2008 -
- microsoft windows_server_2008 r2
- microsoft windows_vista
- microsoft windows_vista -
- microsoft windows_xp
- microsoft windows_xp sp3