More vulnerabilities solved than just the ASP.NET hash collision DoS: Microsoft Security Bulletin MS11-100 – Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
Posted by jpluimers on 2011/12/29
In addition to the ASP.NET hash collision Denial of Service attack, Microsoft patches 3 more vulnerabilities resulting in an Aggregate Severity Rating that is Critical.
This is a summary of the vulnerabilities. Please read the full MS11-100 bulletin for more details and how to download and install the patches.
| Vulnerability Severity Rating | Maximum Security Impact | Affected Software | CVE ID |
| Important | Denial of Service | Collisions in HashTable May Cause DoS Vulnerability | CVE-2011-3414 |
| N/A or Moderate | N/A or Spoofing | Insecure Redirect in .NET Form Authentication Vulnerability | CVE-2011-3415 |
| Critical | Elevation of Privilege | ASP.Net Forms Authentication Bypass Vulnerability | CVE-2011-3416 |
| Important | Elevation of Privilege | ASP.NET Forms Authentication Ticket Caching Vulnerability | CVE-2011-3417 |
The CVE-2011-3415 is N/A in .NET 1.1, and Moderate in all other .NET versions.
–jeroen
Leave a Reply