Computer Security
[EN] securityvulns.ru no-pyccku


Filtering / protection bypass in Microsoft ASP.NET
Published:06.04.2007
Source:
SecurityVulns ID:7537
Type:remote
Threat Level:
5/10
Description:There are multiple ways to bypass filtering functions and conduct crossite scripting attack.
Affected:MICROSOFT : ASP.NET 2.0
CVE:CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.)
Original documentdocumentProCheckUp Research, Microsoft .NET request filtering bypass vulnerability (BID 20753) (06.04.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod