8.5

CVE-2011-3416

EPSS 83.53%
Published 30.12.2011 01:55:01
Last modified 11.04.2025 00:51:21
Source secure@microsoft.com
Teams watchlist Login
Open Login

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 7 Version-

Microsoft ≫ Windows 7 Version- Updatesp1 Editionx64

Microsoft ≫ Windows 7 Version- Updatesp1 Editionx86

Microsoft ≫ Windows Server 2003 Updatesp2

Microsoft ≫ Windows Server 2008 Updater2 Editionx64

Microsoft ≫ Windows Server 2008 Updatesp2 Editionitanium

Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionx64

Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionx86

Microsoft ≫ Windows Server 2008 Versionr2 Editionitanium

Microsoft ≫ Windows Vista Updatesp2

Microsoft ≫ Windows Vista Version- Updatesp2

Microsoft ≫ Windows Xp Updatesp2 Editionprofessional_x64

Microsoft ≫ Windows Xp Versionsp3 Updateunknown Editionenglish

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	83.53%	0.992

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

http://www.us-cert.gov/cas/techalerts/TA11-347A.html

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14363

https://nvd.nist.gov/vuln/detail/CVE-2011-3416

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-3416

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-3416

EUVD