Microsoft .NET Framework Crafted Request Access Restriction Bypass

2006-07-11T17:34:15
ID OSVDB:27153
Type osvdb
Reporter Urs Eichmann()
Modified 2006-07-11T17:34:15

Description

Vulnerability Description

.NET Framework contains a flaw that allows a remote attacker to access files outside of the web path. The issue is due to ASP.NET not properly sanitizing URLs, which may allow an attacker to gain unauthorized access to files.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

.NET Framework contains a flaw that allows a remote attacker to access files outside of the web path. The issue is due to ASP.NET not properly sanitizing URLs, which may allow an attacker to gain unauthorized access to files.

References:

Security Tracker: 1016465 Secunia Advisory ID:20999 Microsoft Security Bulletin: MS06-033 Microsoft Knowledge Base Article: 917283 ISS X-Force ID: 26802 FrSIRT Advisory: ADV-2006-2751 CVE-2006-1300 Bugtraq ID: 18920