Description
Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN71256611/index.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14815
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51202
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2011-003557
Scores
EPSS
0.2414
EPSS Percentile
97.6%
Details
CWE
CWE-20
Status
published
Products (7)
microsoft/windows_7
(3 CPE variants)
microsoft/windows_server_2003
microsoft/windows_server_2008
(4 CPE variants)
microsoft/windows_server_2008
r2
microsoft/windows_vista
(2 CPE variants)
microsoft/windows_xp
microsoft/windows_xp
sp3 unknown
Published
Dec 30, 2011
Tracked Since
Feb 18, 2026