CVE-2007-0042

Description

Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."

Related CPE's

Could not find any relations

References

http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf

SSRT071446

TA07-191A

US Government Resource

1018356

26003

Vendor Advisory

ADV-2007-2482

oval:org.mitre.oval:def:2070

MS07-040

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:L/Au:N/C:C/I:N/A:N
AccessVector	NETWORK
AccessComplexity	LOW
Authentication	NONE
ConfidentialityImpact	COMPLETE
IntegrityImpact	NONE
AvailabilityImpact	NONE
BaseScore	7.800000190734863

Created by Yello

About Severity.io