IIS Double Decoding Directory Traversal

Added: 11/28/2005 CVE: CVE-2001-0333 BID: 2708 OSVDB: 556 Background Microsoft IIS is a web server for Windows platforms. Problem Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by URL-encoding invalid characters twice. Thus, a backslash is first represented as %5c, and then...

IIS Double Decoding Directory Traversal

Added: 11/28/2005 CVE: CVE-2001-0333 BID: 2708 OSVDB: 556 Background Microsoft IIS is a web server for Windows platforms. Problem Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by URL-encoding invalid characters twice. Thus, a backslash is first represented as %5c, and then...

CVE-2005-1450

Technical details are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

VulnCheck KEV: CVE-2004-0847

The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a 1 "" backslash or 2 "%5C" encoded backslash, aka "Path Validation Vulnerability."...

Microsoft Security Bulletin MS05-004 ASP.NET Path Validation Vulnerability (887219)

Microsoft Security Bulletin MS05-004 ASP.NET Path Validation Vulnerability 887219 Issued: February 8, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® .NET Framework Impact of Vulnerability: Information Disclosure, possible Elevation of Privilege...

CVE-2004-0847

The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a 1 "" backslash or 2 "%5C" encoded backslash, aka "Path Validation Vulnerability."...

CVE-2004-0847

The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a 1 "" backslash or 2 "%5C" encoded backslash, aka "Path Validation Vulnerability."...

FreeBSD : CVS path validation errors (32)

The following package needs to be updated: cvs+ipv6 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg0792e7a78e3711d890d10020ed76ef5a.nasl. Disabled on 2011/10/01. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

FreeBSD-SA-04:07.cvs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:07.cvs Security Advisory The FreeBSD Project Topic: CVS path validation errors Category: contrib Module: contribcvs Announced: 2004-04-15 Revised: 2004-04-16...

CVS path validation errors

Two programming errors were discovered in which path names handled by CVS were not properly validated. In one case, the CVS client accepts absolute path names from the server when determining which files to update. In another case, the CVS server accepts relative path names from the client when...