CVE-2020-1476: An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who…

medium5.5CVSS 3.1

AVLACLPRLUINSUCHINAN

An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. To exploit this vulnerability, an attacker would need to send a specially crafted request to an affected server. The update addresses the vulnerability by changing how ASP.NET and .NET handle requests.

Affected

35 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	microsoft_net_framework_2.0_service_pack_2	>= 2.0.0 < publication	publication
microsoft	microsoft_net_framework_3.5	>= 3.5.0 < publication	publication
microsoft	microsoft_net_framework_3.5.1	>= 3.5.0 < publication	publication
microsoft	microsoft_net_framework_3.5_and_4.6.2_4.7_4.7.1_4.7.2	>= 3.0.0.0 < publication	publication
microsoft	microsoft_net_framework_3.5_and_4.6_4.6.1_4.6.2	>= 3.5.0 < publication	publication
microsoft	microsoft_net_framework_3.5_and_4.7.1_4.7.2	>= 3.0 < publication	publication
microsoft	microsoft_net_framework_3.5_and_4.7.2	>= 4.7.0 < publication	publication
microsoft	microsoft_net_framework_3.5_and_4.8	>= 4.8.0 < publication	publication
microsoft	microsoft_net_framework_4.5.2	>= 4.0.0.0 < publication	publication
microsoft	microsoft_net_framework_4.6	>= 4.0.0.0 < publication	publication
microsoft	microsoft_net_framework_4.6_4.6.1_4.6.2_4.7_4.7.1_4.7.2	>= 4.0.0.0 < publication	publication
microsoft	microsoft_net_framework_4.8	>= 4.8.0 < publication	publication
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
microsoft	net_framework	—	—
msrc	microsoft_net_framework_2.0_service_pack_2	—	—
msrc	microsoft_net_framework_3.5	—	—