HTTP: Microsoft .NET Framework Reflection Bypass Vulnerability
This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework. A successful attack can result in the attacker could take complete control of an affected system.
Extended Description
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
References
CVE: CVE-2012-1895
Short Name
HTTP:STC:DOT-NET-REFLECTION
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
.NET Bypass CVE-2012-1895 Framework Microsoft Reflection Vulnerability
Release Date
11/12/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3659
False Positive
Unknown
CVSS Score
9.3