Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:microsoft:asp.net:-:*:*:*:*:*:*:*
There are 2 matching records.
Displaying matches 1 through 2.
Vuln ID Summary CVSS Severity
CVE-2006-1364

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.

Published: March 23, 2006; 6:06:00 AM -0500
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2004-0847

The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."

Published: November 03, 2004; 12:00:00 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH