CVE-2011-3417
published 2011-12-30


Priority: P258
Severity: critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 35.73% (98.3th percentile)

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."

Affected

11 ranges

Vendor     Product              Version range  Fixed in
episerver  episerver_cms
episerver  episerver_cms
episerver  episerver_cms
episerver  episerver_cms
episerver  episerver_cms
episerver  episerver_cms
episerver  episerver_cms
episerver  episerver_cms
episerver  episerver_cms
microsoft  windows_server_2008
microsoft  windows_xp