CVE-2011-1977

2011-08-1021:55:00

CWE-200

[email protected]

web.nvd.nist.gov

asp.net

chart controls

.net framework

security vulnerability

http request

information disclosure

nvd

cve-2011-1977

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.059 Low

EPSS

Percentile

93.4%

JSON

The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka “Chart Control Information Disclosure Vulnerability.”

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq4.0
microsoft:chart_control_for_microsoft_.net_frameworkmicrosoft chart control for microsoft .net frameworkeq3.5

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	4.0
microsoft:chart_control_for_microsoft_.net_framework	microsoft chart control for microsoft .net framework	eq	3.5