Lucene search

MitreCVE-2005-1664

HistoryMay 18, 2005 - 4:00 a.m.

CVE-2005-1664

2005-05-1804:00:00

mitre

web.nvd.nist.gov

microsoft

asp.net

viewstate

remote attacks

replay attacks

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.113

Percentile

95.2%

JSON

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application’s state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.

Affected configurations

Nvd

Node

microsoftasp.netMatch1.0

microsoftasp.netMatch1.1

VendorProductVersionCPE
microsoftasp.net1.0cpe:2.3:a:microsoft:asp.net:1.0:*:*:*:*:*:*:*
microsoftasp.net1.1cpe:2.3:a:microsoft:asp.net:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	asp.net	1.0	cpe:2.3:a:microsoft:asp.net:1.0:::::::*
microsoft	asp.net	1.1	cpe:2.3:a:microsoft:asp.net:1.1:::::::*

References

marc.info/?l=bugtraq&m=111513127704270&w=2

marc.info/?l=bugtraq&m=111532887612517&w=2

scottonwriting.net/sowblog/posts/3747.aspx

secunia.com/advisories/15241

www.osvdb.org/16196

exchange.xforce.ibmcloud.com/vulnerabilities/20409

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.113

Percentile

95.2%

JSON

Related for CVE-2005-1664