PT-2002-1463 · Microsoft · Asp.Net

Published

2002-06-11

Updated

2016-10-18

CVE-2002-0409

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ASP.NET example code (affected versions not specified)

Description The issue allows remote attackers to view the orders of other users by modifying the OrderID parameter in the "orderdetails.aspx" page. This page was made available to Microsoft .NET developers as example code and is demonstrated on www.ibuyspystore.com.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0409

Affected Products

Asp.Net

PT-2002-1463 · Microsoft · Asp.Net

CVE-2002-0409

Related Identifiers

Affected Products

References · 3