OVAL Reference oval:org.mitre.oval:def:14363

Oval Definition:

oval:org.mitre.oval:def:14363

Revision Date:	2014-08-18	Version:	28
Title:	ASP.Net Forms Authentication Bypass Vulnerability
Description:	The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
Family:	windows	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2011-3416
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4
Definition Synopsis
.NET Framework 1.1 SP1 KB2656353 affected Operating System Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed OR Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft .NET Framework 1.1 Service Pack 1 is Installed AND the version of Mscorlib.dll is less than 1.1.4322.2494 OR .NET Framework 2.0 SP2 KB2656352 affected Operating System Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft .NET Framework 2.0 Service Pack 2 is installed AND GDR or LDR Service branch the version of System.Web.dll is less than 2.0.50727.3634 OR LDR the version of System.Web.dll is greater than or equal to 2.0.50727.5600 AND the version of System.Web.dll is less than 2.0.50727.5710 OR .NET Framework 2.0 SP2 KB2656362 affected Operating System Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft .NET Framework 2.0 Service Pack 2 is installed AND GDR or LDR Service branch the version of System.Web.dll is less than 2.0.50727.4223 OR LDR the version of System.Web.dll is greater than or equal to 2.0.50727.5600 AND the version of System.Web.dll is less than 2.0.50727.5710 OR .NET Framework 3.5 SP1 KB2657424 affected Operating System Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed OR Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft .NET Framework 3.5 SP1 is installed AND GDR or LDR Service branch the version of System.Web.Extensions.dll is less than 3.5.30729.3678 OR LDR the version of System.Web.Extensions.dll is greater than or equal to 3.5.30729.5600 AND the version of System.Web.Extensions.dll is less than 3.5.30729.5769 OR .NET Framework 3.5.1 KB2656355 affected Operating System Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft .NET Framework 3.5 SP1 is installed AND GDR or LDR Service branch the version of System.web.dll is less than 2.0.50727.4971 OR LDR the version of System.Web.dll is greater than or equal to 2.0.50727.5600 AND the version of System.Web.dll is less than 2.0.50727.5710 OR .NET Framework 3.5.1 KB2656356 affected Operating System Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft .NET Framework 3.5 SP1 is installed AND GDR or LDR Service branch the version of System.web.dll is less than 2.0.50727.5456 OR LDR the version of System.Web.dll is greater than or equal to 2.0.50727.5600 AND the version of System.Web.dll is less than 2.0.50727.5710 OR .NET Framework 4 KB2656351 affected Operating System Microsoft Windows XP (32-bit) is installed OR Microsoft Windows XP x64 is installed OR Microsoft Windows Server 2003 (32-bit) is installed OR Microsoft Windows Server 2003 (x64) is installed OR Microsoft Windows Server 2003 (ia64) Gold is installed OR Microsoft Windows Vista (32-bit) is installed OR Microsoft Windows Vista x64 Edition is installed OR Microsoft Windows Server 2008 (32-bit) is installed OR Microsoft Windows Server 2008 (64-bit) is installed OR Microsoft Windows Server 2008 (ia-64) is installed OR Microsoft Windows 7 (32-bit) is installed OR Microsoft Windows 7 x64 Edition is installed OR Microsoft Windows Server 2008 R2 x64 Edition is installed OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft .NET Framework 4.0 is installed AND GDR or LDR Service branch the version of System.Web.dll is less than 4.0.30319.272 OR LDR the version of System.Web.dll is greater than or equal to 4.0.30319.300 AND the version of System.Web.dll is less than 4.0.30319.547

BACK