Lucene search

PRIOn knowledge basePRION:CVE-2011-1977

HistoryAug 10, 2011 - 9:55 p.m.

Information disclosure

2011-08-1021:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.059 Low

EPSS

Percentile

93.3%

JSON

The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka “Chart Control Information Disclosure Vulnerability.”

CPENameOperatorVersion
.net_frameworkeq4.0
chart_control_for_microsoft_.net_frameworkeq3.5 sp1

CPE	Name	Operator	Version
	.net_framework	eq	4.0
	chart_control_for_microsoft_.net_framework	eq	3.5 sp1

References

www.us-cert.gov/cas/techalerts/TA11-221A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-066

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12970

6.9 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.059 Low

EPSS

Percentile

93.3%

JSON

Related for PRION:CVE-2011-1977