7.8
CVE-2007-0042
- EPSS 81.77%
- Veröffentlicht 10.07.2007 22:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
LoginInterpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ .Net Framework Version1.0
Microsoft ≫ Windows 2000 Version-
Microsoft ≫ Windows 2003 Server Version-
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Xp Version-
Microsoft ≫ Windows 2003 Server Version-
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Xp Version-
Microsoft ≫ .Net Framework Version1.1
Microsoft ≫ Windows 2000 Version-
Microsoft ≫ Windows 2003 Server Version-
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Xp Version-
Microsoft ≫ Windows 2003 Server Version-
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Xp Version-
Microsoft ≫ .Net Framework Version2.0
Microsoft ≫ Windows 2000 Version-
Microsoft ≫ Windows 2003 Server Version-
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Xp Version-
Microsoft ≫ Windows 2003 Server Version-
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Xp Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 81.77% | 0.991 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:C/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.