HTTP: ASP.NET Forms Authentication Information Disclosure
This signature detects attempts to exploit a known vulnerability against ASP.NET. Remote authenticated attackers can obtain access to arbitrary user accounts via a crafted username.
Extended Description
Microsoft .NET Framework is prone to a authentication-bypass vulnerability in ASP.NET. An attacker can exploit this issue to gain unauthorized access to another users account. Successful exploits will allow attackers to execute arbitrary commands with the privileges of the targeted user.
Affected Products
Avaya messaging_application_server,Avaya meeting_exchange
Short Name
HTTP:IIS:ASP-FORMS-DISCLOSURE
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ASP.NET Authentication CVE-2011-3416 Disclosure Forms Information bid:51201
Release Date
01/03/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
8.5