More vulnerabilities solved than just the ASP.NET hash collision DoS: Microsoft Security Bulletin MS11-100 – Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
Posted by jpluimers on 2011/12/29
In addition to the ASP.NET hash collision Denial of Service vulnerability, Microsoft patches 3 more vulnerabilities in this bulletin, resulting in an Aggregate Severity Rating of Critical.
This is a summary of the vulnerabilities. Please read the full MS11-100 bulletin for more details and how to download and install the patches.
Vulnerability Severity Rating | Maximum Security Impact | Vulnerability | CVE ID |
Important | Denial of Service | Collisions in HashTable May Cause DoS Vulnerability | CVE-2011-3414 |
N/A or Moderate | N/A or Spoofing | Insecure Redirect in .NET Form Authentication Vulnerability | CVE-2011-3415 |
Critical | Elevation of Privilege | ASP.Net Forms Authentication Bypass Vulnerability | CVE-2011-3416 |
Important | Elevation of Privilege | ASP.NET Forms Authentication Ticket Caching Vulnerability | CVE-2011-3417 |
CVE-2011-3415 is rated N/A in .NET 1.1 and Moderate in all other .NET versions.
–jeroen