QwikSec

Security Database

CVE

CWE

Training

CVE-2004-0847

Published: Oct 6, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_MS

http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754

x_refsource_MISC

oval:org.mitre.oval:def:4987

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_CERT

windows-forms-security-bypass(17644)

vdb-entry

x_refsource_XF

oval:org.mitre.oval:def:3556

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_CERT-VN

vdb-entry

x_refsource_BID

20040914 Security bug in .NET Forms Authentication

mailing-list

x_refsource_NTBUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.