Vulnerability Details CVE-2011-1977
The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.216
EPSS Ranking 95.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://www.us-cert.gov/cas/techalerts/TA11-221A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-066
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12970
- http://www.us-cert.gov/cas/techalerts/TA11-221A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-066
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12970
Products affected by CVE-2011-1977
-
cpe:2.3:a:microsoft:.net_framework:4.0
-
cpe:2.3:a:microsoft:chart_control_for_microsoft_.net_framework:3.5
-
cpe:2.3:o:microsoft:windows_2003_server:-
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_server_2003:-
-
cpe:2.3:o:microsoft:windows_server_2003:r2
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_vista:-
-
cpe:2.3:o:microsoft:windows_xp:-
-
cpe:2.3:o:microsoft:windows_xp:unknown