CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-3416

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.866

EPSS Ranking 99.4%

CVSS Severity

CVSS v2 Score 8.5

References

Products affected by CVE-2011-3416

Microsoft » Windows 7 » Version: N/A

cpe:2.3:o:microsoft:windows_7:-
Microsoft » Windows Server 2003 » Version: N/A

cpe:2.3:o:microsoft:windows_server_2003:-
Microsoft » Windows Server 2003 » Version: r2

cpe:2.3:o:microsoft:windows_server_2003:r2
Microsoft » Windows Server 2008 » Version: N/A

cpe:2.3:o:microsoft:windows_server_2008:-
Microsoft » Windows Server 2008 » Version: r2

cpe:2.3:o:microsoft:windows_server_2008:r2
Microsoft » Windows Vista » Version: N/A

cpe:2.3:o:microsoft:windows_vista:-
Microsoft » Windows Xp » Version: Any

cpe:2.3:o:microsoft:windows_xp:*
Microsoft » Windows Xp » Version: sp3

cpe:2.3:o:microsoft:windows_xp:sp3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-3416

Products

Pricing

Contact Us