CVE-2011-3415

Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."

Published: Dec 30, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-3415
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
microsoft / windows_vista	-	-
microsoft / windows_server_2008	-	-
microsoft / windows_server_2008	r2	r2.x
microsoft / windows_xp	sp3-unknown	sp3-unknown.x
microsoft / windows_7	--sp1	--sp1.x
microsoft / windows_server_2008	--sp2	--sp2.x
microsoft / windows_xp	-	-
microsoft / windows_server_2003	-	-
microsoft / windows_vista	--sp2	--sp2.x

http://jvn.jp/en/jp/JVN71256611/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-003557
http://www.securityfocus.com/bid/51202
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14815

Vulnerability Database

290,206

CVE-2011-3415