Vulnerabilities > CVE-2005-1665 - Denial-Of-Service vulnerability in ASP.Net 1.0/1.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

microsoft

NVD

Published: 2005-05-18

Updated: 2017-07-11

Summary

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Asp.Net 1.0 Microsoft Asp.Net 1.1	2

References

http://marc.info/?l=bugtraq&m=111513127704270&w=2
http://scottonwriting.net/sowblog/posts/3747.aspx
http://secunia.com/advisories/15241
http://www.osvdb.org/16195
https://exchange.xforce.ibmcloud.com/vulnerabilities/20408