Lucene search

[email protected]CVE-2005-1664

HistoryMay 18, 2005 - 4:00 a.m.

CVE-2005-1664

2005-05-1804:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

microsoft

asp.net

viewstate

remote attacks

replay attacks

nvd

7.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.113 Low

EPSS

Percentile

95.2%

JSON

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application’s state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.

CPENameOperatorVersion
microsoft:asp.netmicrosoft asp.neteq1.0
microsoft:asp.netmicrosoft asp.neteq1.1

CPE	Name	Operator	Version
microsoft:asp.net	microsoft asp.net	eq	1.0
microsoft:asp.net	microsoft asp.net	eq	1.1

References

marc.info/?l=bugtraq&m=111513127704270&w=2

marc.info/?l=bugtraq&m=111532887612517&w=2

scottonwriting.net/sowblog/posts/3747.aspx

secunia.com/advisories/15241

www.osvdb.org/16196

exchange.xforce.ibmcloud.com/vulnerabilities/20409

7.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.113 Low

EPSS

Percentile

95.2%

JSON