Microsoft ASP.NET 1.x URI Canonicalization Unauthorized Web Access Vulnerability

2014-07-01T00:00:00
ID SSV:78361
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/11342/info

Microsoft ASP.NET is reported prone to a remote information-disclosure vulnerability because the application fails to properly secure documents when handling malformed URI requests. 

An attacker may leverage this issue to bypass authentication required to access files in secured directories.

Mozilla Web Browser based proof of concept: 
http://www.example.com/secureDirectory\somefile.aspx 

Microsoft Internet Explorer based proof of concept: 
http://www.example.com/secureDirectory%5Csomefile.aspx