Open redirect

2011-12-3001:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.605 Medium

EPSS

Percentile

97.8%

JSON

Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka “Insecure Redirect in .NET Form Authentication Vulnerability.”

CPENameOperatorVersion
windows_7eq sp1x86
windows_7eq sp1x64
windows_server_2008eqr2 itanium
windows_server_2008eq sp2x64
windows_server_2008eq sp2x86
windows_vistaeq- sp2
windows_xpeqsp3 unknown-english

Name	Operator	Version
windows_7	eq	sp1x86
windows_7	eq	sp1x64
windows_server_2008	eq	r2 itanium
windows_server_2008	eq	sp2x64
windows_server_2008	eq	sp2x86
windows_vista	eq	- sp2
windows_xp	eq	sp3 unknown-english