CVE-2011-3415

Microsoft .NET Framework - Open Redirect

Title source: llm
STIX 2.1

Description

Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN71256611/index.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14815
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51202
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2011-003557

Scores

EPSS 0.2414
EPSS Percentile 97.6%

Details

CWE
CWE-20
Status published
Products (7)
microsoft/windows_7 (3 CPE variants)
microsoft/windows_server_2003
microsoft/windows_server_2008 (4 CPE variants)
microsoft/windows_server_2008 r2
microsoft/windows_vista (2 CPE variants)
microsoft/windows_xp
microsoft/windows_xp sp3 unknown
Published Dec 30, 2011
Tracked Since Feb 18, 2026