Lucene search
AnonymousEDB-ID:24666HistoryOct 06, 2004 - 12:00 a.m.
Microsoft ASP.NET 1.x - URI Canonicalization Unauthorized Web Access
2004-10-0600:00:00
anonymous
www.exploit-db.com
82
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/11342/info
Microsoft ASP.NET is reported prone to a remote information-disclosure vulnerability because the application fails to properly secure documents when handling malformed URI requests.
An attacker may leverage this issue to bypass authentication required to access files in secured directories.
Mozilla Web Browser based proof of concept:
http://www.example.com/secureDirectory\somefile.aspx
Microsoft Internet Explorer based proof of concept:
http://www.example.com/secureDirectory%5Csomefile.aspxRelated
checkpoint_advisories
checkpoint_advisories
Microsoft ASP.NET Resource Paths Canonicalization (MS05-004; CVE-2004-0847)
2009-11-03 00:00:00
nessus
nessus
MS05-004: ASP.NET Path Validation Vulnerability (887219)
2005-02-09 00:00:00
cvelist
cvelist
CVE-2004-0847
2004-10-06 04:00:00
securityvulns
securityvulns
cve
cve
CVE-2004-0847
2004-11-03 05:00:00
nvd
nvd
CVE-2004-0847
2004-11-03 05:00:00
cert
cert
Microsoft ASP.NET fails to perform proper canonicalization
2005-02-09 00:00:00
openvas
openvas
Microsoft Security Bulletin MS05-004
2009-03-15 00:00:00