HTTP: IIS ASP Cross Site Scripting Bypass
This signature detects attempts to exploit a known vulnerability against Microsoft ASP Web server. Attackers can use this vulnerability to create cross site scripting.
Extended Description
Microsoft ASP.NET is prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input before it is rendered in the browser of an unsuspecting user in the context of the affected site. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user, with the privileges of the victim users account. This may help the attacker steal cookie-based authentication credentials, retrieve sensitive information, and launch other attacks.
Affected Products
Microsoft windows_xp_media_center_edition
References
BugTraq: 20337
CVE: CVE-2006-3436
URL: http://www.microsoft.com/technet/security/bulletin/MS06-056.mspx
Short Name
HTTP:XSS:IIS-ASP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ASP Bypass CVE-2006-3436 Cross IIS Scripting Site bid:20337
Release Date
10/10/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Microsoft
CVSS Score
4.3