JVN#71256611
ASP.NET vulnerable to open redirect
Overview
ASP.NET provided by Microsoft contains an open redirect vulnerability due to an issue in the login component.
Products Affected
- ASP.NET
Description
ASP.NET provided by Microsoft contains an open redirect vulnerability due to an issue in the login component. As a result, a web application built with ASP.NET may be vulnerable.
Impact
A user who accesses a web application built with ASP.NET may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.
Solution
Update the software
This vulnerability was resolved in MS11-100.
Apply the update according to the information provided by Microsoft.
Vendor Status
Vendor | Link |
Microsoft | Microsoft Security Bulletin MS11-100 - Critical |
References
JPCERT/CC Addendum
This JVN publication was delayed to 2013/11/15 after the developer fix was developed. Since fiscal year 2011, JPCERT/CC has been using a new vendor coordination procedure. This new procedure came from the recommendation of the fiscal year 2010 "Study Group on Information System Vulnerability Handling" and is aimed at more timely JVN publications.
Vulnerability Analysis by JPCERT/CC
Credit
Tomoki Sanaki of NTT Communications Corporation Security Operation Center reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2011-3415 |
JVN iPedia | JVNDB-2011-003557 |