CVE-2011-3415

CWE-20Improper Input Validation3 documents3 sources
Severity
6.8MEDIUM
EPSS
44.1%
top 2.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Windows Server 2008Microsoft Windows XP
Timeline
PublishedDec 30
Latest updateMay 13

Description

Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-px9q-gpw3-m3qw: Open redirect vulnerability in the Forms Authentication feature in the ASP2022-05-13
CVEList
CVE-2011-3415: Open redirect vulnerability in the Forms Authentication feature in the ASP2011-12-30
CVE-2011-3415 (MEDIUM CVSS 6.8) | Open redirect vulnerability in the | cvebase.io