Vulnerability Name:

CVE-2004-0847 (CCN-17644)

Assigned:2004-09-14
Published:2004-09-14
Updated:2018-10-12
Summary:The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-22
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: NTBugTraq Mailing List, Tue Sep 14 2004 - 06:42:28 CDT
Security bug in .NET Forms Authentication

Source: NTBUGTRAQ
Type: Exploit, Vendor Advisory
20040914 Security bug in .NET Forms Authentication

Source: CCN
Type: NTBugTraq Mailing List, Thu Oct 07 2004 - 22:12:21 CDT
More details on ASP.NET vulnerability

Source: MITRE
Type: CNA
CVE-2004-0847

Source: MISC
Type: Broken Link
http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754

Source: CCN
Type: Microsoft Knowledge Base Article 887459
Programmatically check for canonicalization issues with ASP.NET

Source: CCN
Type: Microsoft Security Bulletin MS12-035
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

Source: CCN
Type: Microsoft Security Bulletin MS13-040
Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)

Source: CCN
Type: Microsoft Security Bulletin MS13-082
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)

Source: CCN
Type: Microsoft Security Bulletin MS15-080
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3078662)

Source: CCN
Type: Microsoft Security Bulletin MS15-097
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (3089656)

Source: CCN
Type: Microsoft Security Bulletin MS15-115
Security Update for Microsoft Windows to Address Remote Code Execution (3105864)

Source: CCN
Type: Microsoft Security Bulletin MS15-116
Security Updates for Microsoft Office to Address Remote Code Execution (3104540)

Source: CCN
Type: Microsoft Security Bulletin MS15-123
Security Update for Skype for Business and Lync to Address Information Disclosure (3105872)

Source: CCN
Type: Microsoft Security Bulletin MS15-128
Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)

Source: CCN
Type: Microsoft Security Bulletin MS15-129
Security Update for Silverlight to Address Remote Code Execution (3106614)

Source: CCN
Type: Microsoft Security Bulletin MS15-131
Security Update for Microsoft Office to Address Remote Code Execution (3116111)

Source: CCN
Type: Microsoft Security Bulletin MS15-132
Security Update for Microsoft Windows to Address Remote Code Execution (3116162)

Source: CCN
Type: Microsoft Security Bulletin MS15-135
Security Update for Windows Kernel Mode Drivers to Address Elevation of Privilege (3119075)

Source: CCN
Type: Microsoft Security Bulletin MS16-004
Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585)

Source: CCN
Type: Microsoft Security Bulletin MS16-006
Security Update for Silverlight to Address Remote Code Execution (3126036)

Source: CCN
Type: Microsoft Security Bulletin MS16-008
Security Update for Kernel to Address Elevation of Privilege (3124605)

Source: CCN
Type: Microsoft Security Bulletin MS16-014
Security update for Microsoft Windows to Address Remote Code Execution (3134228)

Source: CCN
Type: Microsoft Security Bulletin MS16-015
Security Update for Microsoft Office to Address Remote Code Execution (3134226)

Source: CCN
Type: Microsoft Security Bulletin MS16-029
Security Update for Microsoft Office to Address Remote Code Execution (3141806)

Source: CCN
Type: Microsoft Security Bulletin MS16-031
Security Update for Microsoft Windows to Address Elevation of Privilege (3140410)

Source: CCN
Type: Microsoft Security Bulletin MS16-035
Security Update for .NET Framework to Address Security Feature Bypass (3141780)

Source: CCN
Type: Microsoft Security Bulletin MS16-042
Security Update for Microsoft Office (3148775)

Source: CCN
Type: Microsoft Security Bulletin MS16-044
Security Update for Windows OLE (3146706)

Source: CCN
Type: Microsoft Security Bulletin MS16-048
Security Update for CSRSS (3148528)

Source: CCN
Type: Microsoft Security Bulletin MS16-054
Security Update for Microsoft Office (3155544)

Source: CCN
Type: Microsoft Security Bulletin MS16-060
Security Update for Windows Kernel (3154846)

Source: CCN
Type: Microsoft Security Bulletin MS16-061
Security Update for Microsoft RPC (3155520)

Source: CCN
Type: Microsoft Security Bulletin MS16-070
Security Update for Office (3163610)

Source: CCN
Type: Microsoft Security Bulletin MS16-088
Security Updates for Office (3170008)

Source: CCN
Type: Microsoft Security Bulletin MS16-092
Security Update for Windows Kernel (3171910)

Source: CCN
Type: Microsoft Security Bulletin MS16-097
Security Update for Microsoft Graphics Component (3177393)

Source: CCN
Type: Microsoft Security Bulletin MS16-099
Security Update for Office (3177451)

Source: CCN
Type: Microsoft Security Bulletin MS16-106
Security Update for Microsoft Graphics Component (3185848)

Source: CCN
Type: Microsoft Security Bulletin MS16-107
Security Update for Microsoft Office (3185852)

Source: CCN
Type: Microsoft Security Bulletin MS16-109
Security Update for Silverlight (3182373)

Source: CCN
Type: Microsoft Security Bulletin MS16-111
Security Update for Windows Kernel (3186973)

Source: CCN
Type: Microsoft Security Bulletin MS16-120
Security Update for Microsoft Graphics Component (3192884)

Source: CCN
Type: Microsoft Security Bulletin MS16-121
Security Update for Microsoft Office (3194063)

Source: CCN
Type: Microsoft Security Bulletin MS16-122
Security Update for Microsoft Video Control (3195360)

Source: CCN
Type: Microsoft Security Bulletin MS16-123
Security Update for Kernel-Mode Drivers (3192892)

Source: CCN
Type: Microsoft Security Bulletin MS16-124
Security Update for Windows Registry (3193227)

Source: CCN
Type: Microsoft Security Bulletin MS16-126
Security Update for Microsoft Internet Messaging API (3196067)

Source: CCN
Type: Microsoft Security Bulletin MS16-131
Security Update for Microsoft Video Control (3199151)

Source: CCN
Type: Microsoft Security Bulletin MS16-133
Security Update for Microsoft Office (3199168)

Source: CCN
Type: Microsoft Security Bulletin MS16-139
Security Update for Windows Kernel (3199720)

Source: CCN
Type: Microsoft Security Bulletin MS16-148
Security Update for Microsoft Office (3204068)

Source: CCN
Type: Microsoft Security Bulletin MS16-155
Security Update for .NET Framework (3205640)

Source: CCN
Type: Microsoft Security Bulletin MS17-002
Security Update for Microsoft Office (3214291)

Source: CCN
Type: Microsoft Security Bulletin MS17-006
Cumulative Security Update for Internet Explorer (4013073)

Source: CCN
Type: Microsoft Security Bulletin MS17-013
Security Update for Microsoft Graphics Component (4013075)

Source: CCN
Type: Microsoft Security Bulletin MS17-014
Security Update for Microsoft Office (4013241)

Source: CCN
Type: CIAC Information Bulletin P-127
Microsoft ASP.NET Path Validation Vulnerability

Source: CCN
Type: US-CERT VU#283646
Microsoft ASP.NET fails to perform proper canonicalization

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#283646

Source: CCN
Type: Microsoft Corporation Web site
Microsoft ASP.NET ValidatePath Module

Source: CCN
Type: Microsoft Security Bulletin MS05-004
ASP.NET Path Validation Vulnerability (887219)

Source: CCN
Type: Microsoft Security Bulletin MS07-040
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)

Source: CCN
Type: Microsoft Security Bulletin MS09-061
Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)

Source: CCN
Type: Microsoft Security Bulletin MS10-041
Vulnerabilities in the Microsoft .NET Framework Could Allow Tampering (981343)

Source: CCN
Type: Microsoft Security Bulletin MS10-060
Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)

Source: CCN
Type: Microsoft Security Bulletin MS11-044
Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)

Source: CCN
Type: Microsoft Security Bulletin MS11-078
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)

Source: BID
Type: Third Party Advisory, VDB Entry
11342

Source: CCN
Type: BID-11342
Microsoft ASP.NET URI Canonicalization Unauthorized Web Access Vulnerability

Source: CERT
Type: Third Party Advisory, US Government Resource
TA05-039A

Source: MS
Type: UNKNOWN
MS05-004

Source: XF
Type: Third Party Advisory, VDB Entry
windows-forms-security-bypass(17644)

Source: XF
Type: UNKNOWN
ms-aspnet-security-bypass(17644)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:3556

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:4987

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:asp.net:*:*:*:*:*:*:*:* (Version <= 1.1)
  • OR cpe:/a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:microsoft:.net_framework:1.0:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net_framework:1.1:-:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:asp.net:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:tablet_pc:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:3556
    V
    Microsoft .NET Framework v1.1 Security Bypass
    2016-02-19
    oval:org.mitre.oval:def:4987
    V
    Microsoft .NET Framework v1.0 Security Bypass
    2008-02-25
    BACK
    microsoft asp.net *
    microsoft asp.net 1.1 sp1
    microsoft .net framework 1.0
    microsoft .net framework 1.1
    microsoft windows 2000 * sp3
    microsoft windows xp * sp1
    microsoft windows 2000 * sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft asp.net *
    microsoft windows xp *
    microsoft windows xp *