CVE-2005-1664

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://scottonwriting.net/sowblog/posts/3747.aspx
http://www.osvdb.org/16196
http://secunia.com/advisories/15241	Vendor Advisory
http://marc.info/?l=bugtraq&m=111532887612517&w=2
http://marc.info/?l=bugtraq&m=111513127704270&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/20409

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:asp.net:1.0:::::::*
	cpe:2.3:a:microsoft:asp.net:1.1:::::::*

Information

Published : 2005-05-17 21:00

Updated : 2017-07-10 18:32

NVD link : CVE-2005-1664

Mitre link : CVE-2005-1664

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

microsoft

asp.net

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://scottonwriting.net/sowblog/posts/3747.aspx", "name": "http://scottonwriting.net/sowblog/posts/3747.aspx", "tags": [], "refsource": "MISC"}, {"url": "http://www.osvdb.org/16196", "name": "16196", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/15241", "name": "15241", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=111532887612517&w=2", "name": "20050505 Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=111513127704270&w=2", "name": "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20409", "name": "ms-aspnet-viewstate-replay(20409)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-1664", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-05-18T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:asp.net:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:asp.net:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}