Vulnerability Description
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Asp.Net | 1.0 |
References
- http://marc.info/?l=bugtraq&m=111513127704270&w=2
- http://marc.info/?l=bugtraq&m=111532887612517&w=2
- http://scottonwriting.net/sowblog/posts/3747.aspx
- http://secunia.com/advisories/15241Vendor Advisory
- http://www.osvdb.org/16196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20409
- http://marc.info/?l=bugtraq&m=111513127704270&w=2
- http://marc.info/?l=bugtraq&m=111532887612517&w=2
- http://scottonwriting.net/sowblog/posts/3747.aspx
- http://secunia.com/advisories/15241Vendor Advisory
- http://www.osvdb.org/16196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20409
FAQ
What is CVE-2005-1664?
CVE-2005-1664 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState infor...
How severe is CVE-2005-1664?
CVE-2005-1664 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1664?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Asp.Net.