Vulnerability Name:

CVE-2005-0452 (CCN-19395)

Assigned:2005-02-14
Published:2005-02-14
Updated:2016-10-18
Summary:Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-0452

Source: MITRE
Type: CNA
CVE-2005-0509

Source: CCN
Type: it-project.ru Web site
XSS vulnerability in ASP.Net

Source: MISC
Type: Vendor Advisory
http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml

Source: BUGTRAQ
Type: UNKNOWN
20050217 XSS vulnerabilty in ASP.Net [with details]

Source: CCN
Type: Mono Source Repository
Mono

Source: CCN
Type: SA14214
Microsoft ASP.NET Unicode Conversion Cross-Site Scripting

Source: SECUNIA
Type: Vendor Advisory
14214

Source: CCN
Type: SA14325
Mono ASP.NET Unicode Conversion Cross-Site Scripting

Source: CCN
Type: OSVDB ID: 13926
Multiple ASP.NET Implementation Full Width Ascii Character Arbitrary HTML Injection

Source: CCN
Type: OSVDB ID: 13927
Microsoft ASP.NET Request Validation Mechanism Bypass

Source: CCN
Type: OSVDB ID: 13928
Microsoft ASP.NET HttpServerUtility.HtmlEncode Unicode Character Bypass

Source: BID
Type: Vendor Advisory
12574

Source: CCN
Type: BID-12574
Microsoft ASP.NET Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities

Source: CCN
Type: BID-12626
Mono Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities

Source: XF
Type: UNKNOWN
aspnet-mononet-unicode-xss(19395)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:asp.net:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:asp.net:1.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:asp.net:1.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:asp.net:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:.net_framework:1.0:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net_framework:1.1:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net_framework:1.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net_framework:1.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:mono:mono:1.0.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft asp.net 1.0
    microsoft asp.net 1.0 sp1
    microsoft asp.net 1.0 sp2
    microsoft asp.net 1.1
    microsoft asp.net 1.1 sp1
    microsoft .net framework 1.0
    microsoft .net framework 1.1
    microsoft .net framework 1.0 sp2
    microsoft .net framework 1.0 sp1
    microsoft .net framework 1.1 sp1
    mono mono 1.0.5