1. Home
  2. CVE Database
  3. CVE-2011-1977
MEDIUM · 4.3

CVE-2011-1977

The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitr...

Vulnerability Description

The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability."

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
Microsoft.Net Framework4.0
MicrosoftWindows 2003 ServerAll versions
MicrosoftWindows 7-
MicrosoftWindows Server 2003All versions
MicrosoftWindows Server 2008All versions
MicrosoftWindows VistaAll versions
MicrosoftWindows XpAll versions
MicrosoftChart Control For Microsoft .Net Framework3.5

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2011-1977?

CVE-2011-1977 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitr...

How severe is CVE-2011-1977?

CVE-2011-1977 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1977?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework, Microsoft Windows 2003 Server, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008.