CVE-2011-3417

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/51203
http://www.us-cert.gov/cas/techalerts/TA11-347A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14625

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_7:-:::::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2008::r2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2:itanium:::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2::itanium:::::
	cpe:2.3:o:microsoft:windows_vista::sp2::::::*
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp::sp2:professional_x64:::::
	cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:::::*

History

07 Dec 2023, 18:38

Type	Values Removed	Values Added
CPE	cpe:2.3:o:microsoft:windows_vista::sp2:x64:::::	cpe:2.3:o:microsoft:windows_vista::sp2::::::*

Information

Published : 2011-12-30 01:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-3417

Mitre link : CVE-2011-3417

CVE.ORG link : CVE-2011-3417

JSON object : View

Products Affected

microsoft

windows_7
windows_xp
windows_server_2008
windows_vista
windows_server_2003

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2011-3417", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-12-30T01:55:01.140", "references": [{"url": "http://www.securityfocus.com/bid/51203", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14625", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka \"ASP.NET Forms Authentication Ticket Caching Vulnerability.\""}, {"lang": "es", "value": "La funci\u00f3n de autenticaci\u00f3n de formularios en el subsistema de ASP.NET de Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1 y 4.0, cuando la p\u00e9rdida de deslizamiento est\u00e1 activada, no controla correctamente el contenido almacenado en cach\u00e9, que permite a atacantes remotos obtener el acceso a las cuentas de usuario arbitrario a trav\u00e9s de una URL a mano, tambi\u00e9n conocido como \"formularios de autenticaci\u00f3n ASP.NET de almacenamiento en cach\u00e9 de la vulnerabilidad\"."}], "lastModified": "2023-12-07T18:38:56.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51"}, {"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4"}, {"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4945F25F-2828-4D03-930B-A109BA73E00C"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C684420-1614-4DAE-9BD9-F1FE9102A50F"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C9B0563-D613-497D-8F2E-515E6DA00CA5"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA99C751-91CB-43D4-93FF-1C12342CAF1E"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC916D5A-0644-4423-A52E-D4310906BE78"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78995D27-1EE0-4983-A6A4-BB89B49475E0"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}