CVE-2010-1459

{"id": "CVE-2010-1459", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-05-27T19:00:00.953", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/04/29/asp-net-cross-site-scripting-followup-mono.aspx", "source": "cve@mitre.org"}, {"url": "http://www.mono-project.com/Vulnerabilities#ASP.NET_View_State_Cross-Site_Scripting", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/40351", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto de ASP.NET de Mono anterior a v2.6.4 tiene valor FALSE en la propiedad EnableViewStateMac, esto permite a atacantes remotos provocar un ataque de secuencias de comandos en sitios cruzados (XSS), como se ha demostrado con el par\u00e1metro \r\n__VIEWSTATE en 2.0/menu/menu1.aspx en el XSP sample project."}], "lastModified": "2010-09-09T05:41:26.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mono:mono:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B31A3175-7CC6-4367-9A3C-F3324156C818"}, {"criteria": "cpe:2.3:a:mono:mono:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3309DF2-A3A7-4016-95D9-ABB4230083FD"}, {"criteria": "cpe:2.3:a:mono:mono:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "098D040B-CD80-41A6-A3DF-06C379BCABA6"}, {"criteria": "cpe:2.3:a:mono:mono:1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "293D8EF8-8A6B-4EBE-B145-C909ADBE32E8"}, {"criteria": "cpe:2.3:a:mono:mono:1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBB77289-2AED-4BD4-9578-FEB0EC83701E"}, {"criteria": "cpe:2.3:a:mono:mono:1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA1D2C56-70EA-48F4-A3B3-1080DF8ABC5D"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7E03067-D1B7-427A-8800-A40DDAF466FE"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23B3DD31-D316-422F-A3E4-9C7D85E0F26C"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42E75C91-A3D2-479B-9F3F-B97BC75A5B57"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4299404-6C79-4B21-BB8C-115FA1E3AC28"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "944E7E22-41CA-4E2D-B31A-E602B41C34A0"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9F638AC-EBDC-4886-B798-42D12557573A"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE6384D7-7899-4D7F-B478-BDEDDA415054"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7DEAABB-265B-45B3-8A87-86EB5CCEAE5E"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E1B76E4-C12D-4BC6-8745-1AB5C5F32B53"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "919CAD10-2F17-4F94-8116-815E77F5E998"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F79FC32-28BB-44F7-AA6E-E15B24692483"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0546335-1EEF-4946-8B94-69F91697D511"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D24AC82-5BCE-4D9F-8DF1-24BE6C255553"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1A85E81-0778-46B1-A932-C14B6DC08A68"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82CA587E-7272-4C7C-90D3-D0CCBAA76348"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30593717-0C0E-4F05-8690-4A47CA724C20"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "723D4817-BB5F-4D65-9258-B0E2992F2738"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A986CA3E-05A4-4D42-86E4-A7AA3A20298B"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19877D33-5DBF-40D7-87CB-545558C64771"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29CFCD33-C188-409F-B07A-1F1A064894DD"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F64E7267-E010-4FC8-879A-448C85BC250B"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC4D32E8-B90B-432D-B6A3-5F9DDEECC206"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "683F75A5-E4E4-4416-8E1C-A2C694A30BA3"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBE3CDD7-8553-4CB7-A0A7-B059B4D75B0C"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E7AE533-E1E8-494F-BE86-0BFDF30AD3B1"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.13.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BB26E71-AC67-4B9E-BDAE-835DA8C2C443"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9252266-4293-49E3-9492-67F4AF80335B"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D22A05F-650E-484D-9F78-8C821EA103E0"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0034178B-13CC-43A0-BBBA-988EC558DA5B"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.16.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5014D928-E0E3-4B75-B4B8-44D193446505"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE2C11F2-2A21-481E-8350-F3777A0A8033"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.17.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFC21FA7-648F-4E41-962B-664140FA4812"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.17.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9788C5D4-ECD7-4F2E-BE0F-F4FFE626A3A3"}, {"criteria": "cpe:2.3:a:mono:mono:1.1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9FF02E9-070C-4AAA-ABB7-26FC9E56C7A2"}, {"criteria": "cpe:2.3:a:mono:mono:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA4FE4B4-7514-460F-AD14-40184115092A"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AA11C84-3102-429E-951A-698CE023FDB0"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6003FD8-B371-44AE-B565-6205F68117A4"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE1FD98F-ED5D-4247-BC79-1FABC1684557"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87E41880-769F-499E-AFB3-62B78AB765F4"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F5558CC-9D71-472C-B9B5-20481A333AC3"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0895ECCA-B8B3-46BD-9ADE-258AAF205D90"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F3AB679-5630-4F0B-9DF7-D64AFA970D44"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC72C972-FF09-4A5D-9AD4-A422EDADF5AF"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28E60798-6722-4B4F-B06E-7C1E1FDF92EC"}, {"criteria": "cpe:2.3:a:mono:mono:1.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66E14236-3F37-4047-A3EF-32E9923C35FD"}, {"criteria": "cpe:2.3:a:mono:mono:1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18C24C8F-0967-4C1B-8F19-696707C2064B"}, {"criteria": "cpe:2.3:a:mono:mono:1.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D28CEA5-CA8A-4830-A134-1589AD98B334"}, {"criteria": "cpe:2.3:a:mono:mono:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4BB536F-79EB-42AF-B17B-49BE47CFC215"}, {"criteria": "cpe:2.3:a:mono:mono:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE2CA7F0-C5ED-450D-BAEE-300E27AAD13D"}, {"criteria": "cpe:2.3:a:mono:mono:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A08F0EFF-9F4D-4DD3-BD55-71F34B70648B"}, {"criteria": "cpe:2.3:a:mono:mono:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A12EEE2B-E956-4889-9C55-F23968C17E7D"}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E59557D-42A7-4189-97DD-45F31DC1AB6D"}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA6DFB1E-1DBD-459C-95FE-841253F4F6A6"}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E95734E0-1349-4C3C-9557-ADEEA1014C38"}, {"criteria": "cpe:2.3:a:mono:mono:2.4.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFBAA1F5-522B-4357-B9E8-FC15053C75A1"}, {"criteria": "cpe:2.3:a:mono:mono:2.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B25BDA5E-E1AB-4C9A-A53B-B8863F2A2A40"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}