QwikSec

Security Database

CVE

CWE

Training

CVE-2007-0042

Published: Jul 10, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_HP

vendor-advisory

x_refsource_MS

vdb-entry

x_refsource_VUPEN

oval:org.mitre.oval:def:2070

vdb-entry

signature

x_refsource_OVAL

third-party-advisory

x_refsource_SECUNIA

http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf

x_refsource_MISC

third-party-advisory

x_refsource_CERT

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.