Lucene search

[email protected]CVE-2006-7192

HistoryApr 10, 2007 - 10:19 p.m.

CVE-2006-7192

2007-04-1022:19:00

[email protected]

web.nvd.nist.gov

microsoft

asp .net

xss

vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.106 Low

EPSS

Percentile

95.1%

JSON

Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.

Affected configurations

NVD

Node

microsoft.net_frameworkMatch2.0

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq2.0

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	2.0

References

osvdb.org/35269

securityreason.com/securityalert/2530

www.cpni.gov.uk/docs/re-20061020-00710.pdf

www.procheckup.com/Vulner_PR0703.php

www.securityfocus.com/archive/1/464796/100/0/threaded

www.securityfocus.com/bid/20753

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.106 Low

EPSS

Percentile

95.1%

JSON

Related for CVE-2006-7192

securityvulns2 nvd1 cvelist1 nessus2