CVE-2011-1977 — Sensitive Information Exposure in Microsoft Chart Control FOR Microsoft NET Framework

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

21.0%

top 4.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Chart Control FOR Microsoft NET Framework Microsoft NET Framework

Timeline

PublishedAug 10

Latest updateMay 13

Description

The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/chart_control3.5

▶NVDmicrosoft/net_framework4.0

🔴Vulnerability Details

GHSA

GHSA-rwqg-2c4p-x632: The ASP↗2022-05-13

▶

CVEList

CVE-2011-1977: The ASP↗2011-08-10

▶