CVE-2006-3436 - компьютерная безопасность: уязвимости и эксплоиты

[RU] switch to
English Version

CVE CVE-2006-3436
Статус Candidate
Описание Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
Важность High
CVSS score 7
CVSS vector (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Phase Assigned (07.07.2006)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3436
References BID : 20337
CERT-VN : VU#455604
FRSIRT : ADV-2006-3976
HP : HPSBST02161
HP : SSRT061264
MS : MS06-056
OVAL : oval:org.mitre.oval:def:377
SECTRACK : 1017029
SECUNIA : 22307
XF : asp-http-xss(28658)

test server