PT-2010-3695 · Microsoft · Asp.Net
Published: 2010-05-27 · Updated: 2010-05-28 · CVE-2010-2085
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
ASP.NET in Microsoft .NET versions prior to 1.1
Description
The issue concerns the default configuration of ASP.NET, where the EnableViewStateMac property is set to FALSE. This setting allows remote attackers to conduct cross-site scripting (XSS) attacks by manipulating the __VIEWSTATE parameter.
Recommendations
For versions prior to 1.1, set the EnableViewStateMac property to TRUE to prevent cross-site scripting attacks via the __VIEWSTATE parameter.
Exploit
Fix
XSS
Affected Products
Asp.Net
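One way to check the recommendation above across an application, as an added example that is not part of the original advisory. It reads the `enableViewStateMac` attribute of `<pages>` in web.config and the `EnableViewStateMac` attribute of each `@ Page` directive; the function names and sample inputs are constructed for illustration, and an unset site-wide value is flagged because the advisory states that the affected versions default to FALSE.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from any real application).
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <pages enableViewStateMac="false" />
  </system.web>
</configuration>"""
SAMPLE_ASPX = '<%@ Page Language="C#" EnableViewStateMac="false" %>\n<html></html>'

PAGE_DIRECTIVE = re.compile(r'<%@\s*Page\b(.*?)%>', re.I | re.S)
MAC_ATTR = re.compile(r'\bEnableViewStateMac\s*=\s*["\']?(\w+)', re.I)

def _classify(value):
    """Map an attribute value (None when absent) to a state."""
    if value is None:
        return "unset"  # falls back to the framework or site default
    return "enabled" if value.strip().lower() == "true" else "disabled"

def check_web_config(xml_text):
    """State of <pages enableViewStateMac="..."> in a web.config."""
    # Parse only configuration files you own; this is not a hardened XML parser.
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] == "pages":  # ignore any XML namespace
            return _classify(elem.attrib.get("enableViewStateMac"))
    return "unset"

def check_page(aspx_text):
    """State of EnableViewStateMac in the page's @ Page directive."""
    m = PAGE_DIRECTIVE.search(aspx_text)
    attr = MAC_ATTR.search(m.group(1)) if m else None
    return _classify(attr.group(1) if attr else None)

def audit(config_text, pages):
    """Return (location, state) pairs that need EnableViewStateMac set to true.

    pages maps a file name to the .aspx source text.
    """
    findings = []
    site = check_web_config(config_text)
    if site != "enabled":
        findings.append(("web.config", site))
    for name, text in pages.items():
        # A page directive can switch the MAC off even if web.config enables it.
        if check_page(text) == "disabled":
            findings.append((name, "disabled"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_CONFIG, {"Default.aspx": SAMPLE_ASPX}))
```
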