Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Microsoft Security Bulletin MS06-033

🗓️ 15 Mar 2009 00:00:00Reported by Christian Eric Edjenguele <[email protected]>Type 
openvas
 openvas🔗 plugins.openvas.org👁 19 Views

Microsoft Security Bulletin MS06-033 - ASP.NET Information Disclosur

Related
Code
ReporterTitlePublishedViews
Family
Check Point Advisories		Update Protection against ASP.NET Information Disclosure Vulnerability (MS06-033)
16 Jul 200600:00
checkpoint_advisories
Check Point Advisories		Microsoft ASP.NET Application Folder Information Disclosure (MS06-033; CVE-2006-1300)
31 May 201000:00
checkpoint_advisories
CVE		CVE-2006-1300
11 Jul 200621:00
cve
Cvelist		CVE-2006-1300
11 Jul 200621:00
cvelist
NVD		CVE-2006-1300
11 Jul 200621:05
nvd
OpenVAS		Microsoft Security Bulletin MS06-033
15 Mar 200900:00
openvas
Prion		Authentication flaw
11 Jul 200621:05
prion
securityvulns		Microsoft Security Bulletin MS06-033 Vulnerability in ASP.NET Could Allow Information Disclosure &#40;917283&#41;
11 Jul 200600:00
securityvulns
Tenable Nessus		MS06-033: Vulnerabilities in ASP.NET could allow information disclosure (917283)
11 Jul 200600:00
nessus
# OpenVAS Vulnerability Test
# $Id: remote-MS06-033.nasl 8022 2017-12-07 08:23:28Z teissa $
# Description: 
# Microsoft Security Bulletin MS06-033
# Vulnerability in ASP.NET Could Allow Information Disclosure 
#
# Affected Software: 
#
# .NET Framework 2.0 for the following operating system versions: 
# Microsoft Windows 2000 Service Pack 4
# Microsoft Windows XP Service Pack 1 or Windows XP Service Pack 2
# Microsoft Windows XP Professional x64 Edition
# Microsoft Windows XP Tablet PC Edition
# Microsoft Windows XP Media Center Edition
# Microsoft Windows Server 2003 or Windows Server 2003 Service Pack 1
# Microsoft Windows Server 2003 for Itanium-based systems and Microsoft Windows Server with SP1 for Itanium-based Systems
# Microsoft Windows Server 2003 x64 Edition
# 
# Non-Affected Software:
#
# Microsoft .NET Framework 1.0
# Microsoft .NET Framework 1.1
# Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
# 
# Tested Microsoft Windows Components:
#
# Affected Components:
#
# ASP.NET
# 
#
# remote-MS06-033.nasl
#
# Author:
# Christian Eric Edjenguele <[email protected]>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 and later,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_summary = "This Information Disclosure vulnerability could allow an attacker to bypass ASP.Net security 
and gain unauthorized access to objects in the Application folders explicitly by name.
this could be used to produce useful information that could be used to try to further compromise the affected system.";

tag_solution = "Microsoft has released a patch to correct this issue,
you can download it from the following web site:
http://www.microsoft.com/technet/security/bulletin/ms06-033.mspx";

if(description)
{
script_id(101009);
script_version("$Revision: 8022 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-07 09:23:28 +0100 (Thu, 07 Dec 2017) $");
script_tag(name:"creation_date", value:"2009-03-15 21:56:45 +0100 (Sun, 15 Mar 2009)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_bugtraq_id(18920);
script_cve_id("CVE-2006-1300");
name = "Microsoft Security Bulletin MS06-033";
script_name(name);
 
script_tag(name:"qod_type", value:"remote_banner"); 


script_category(ACT_ATTACK);

script_copyright("Christian Eric Edjenguele <[email protected]>");
family = "Windows : Microsoft Bulletins";
script_family(family);
script_dependencies("find_service.nasl", "remote-detect-MSdotNET-version.nasl");
script_mandatory_keys("dotNET/version");

  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);

exit(0);

}


#
# The script code starts here
#


dotnet = get_kb_item("dotNET/version"); 
port = get_kb_item("dotNET/port");

if(!dotnet)
	exit(0);

else
{

	# Microsoft .NET Framework version 2.0
	if(revcomp(a:dotnet, b:"2.0.50727.101") == -1){

		# Report 'Microsoft ASP.NET Application Folder Information Disclosure Vulnerability (MS06-033)'
		report = 'Missing MS06-033 patch, detected Microsoft .Net Framework version: ' + dotnet;
		security_message(port:port, data:report);
	}
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Dec 2017 00:00Current
6.1Medium risk
Vulners AI Score6.1
EPSS0.40329
microsoft security bulletinasp.netinformation disclosurevulnerabilitypatchmicrosoft windows
19