7.1 High
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.034 Low
EPSS
Percentile
91.2%
The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by “replaying the ViewState for a known number.”
secunia.com/advisories/20830
securityreason.com/securityalert/1139
securitytracker.com/id?1016371
www.securityfocus.com/archive/1/438159/100/0/threaded
www.securityfocus.com/bid/18315
www.symantec.com/enterprise/research/SYMSA-2006-005.txt
www.vupen.com/english/advisories/2006/2518
exchange.xforce.ibmcloud.com/vulnerabilities/27409