
CVSS: 2.6 • EPSS: 96% • CPEs: 7 • EXPL: 0

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."

• http://blogs.technet.com/srd/archive/2009/08/11/ms09-035-asp-net-denial-of-service-vulnerability.aspx
• http://osvdb.org/56905
• http://secunia.com/advisories/36127
• http://www.securityfocus.com/bid/35985
• http://www.securitytracker.com/id?1022715
• http://www.us-cert.gov/cas/techalerts/TA09-223A.html
• http://www.vupen.com/english/advisories/2009/2231
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-036
• https://oval.cisecurity.org/repository/search/definition
• CWE-20: Improper Input Validation

CVSS: 4.3 • EPSS: 36% • CPEs: 45 • EXPL: 0

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence.

• http://securityreason.com/securityalert/4193
• http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf
• http://www.securityfocus.com/archive/1/495667/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44741
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 33% • CPEs: 50 • EXPL: 0

Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.

• http://securityreason.com/securityalert/4193
• http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf
• http://www.procheckup.com/Vulnerability_PR08-20.php
• http://www.securityfocus.com/archive/1/495667/100/0/threaded
• http://www.securityfocus.com/archive/1/496071/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44743
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.3 • EPSS: 67% • CPEs: 7 • EXPL: 0

The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.

• http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
• http://osvdb.org/35954
• http://secunia.com/advisories/26003
• http://www.securityfocus.com/bid/24778
• http://www.securitytracker.com/id?1018356
• http://www.us-cert.gov/cas/techalerts/TA07-191A.html
• http://www.vupen.com/english/advisories/2007/2482
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34637
• https://oval.cisecurity.org/repo
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 • EPSS: 67% • CPEs: 7 • EXPL: 0

The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".

• http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
• http://osvdb.org/35956
• http://secunia.com/advisories/26003
• http://www.securityfocus.com/bid/24811
• http://www.securitytracker.com/id?1018356
• http://www.us-cert.gov/cas/techalerts/TA07-191A.html
• http://www.vupen.com/english/advisories/2007/2482
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34639
• https://oval.cisecurity.org/repo
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer