Vulnerabilities > CVE-2006-3436 - Cross-Site Scripting vulnerability in Microsoft .Net Framework 2.0
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Summary
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
# Listing metadata, as given on the page:
#   NASL family: Windows : Microsoft Bulletins
#   NASL id: SMB_NT_MS06-056.NASL
#   description: The remote host is running a version of the ASP.NET framework that contains a cross-site scripting vulnerability that could allow an attacker to execute arbitrary code in the browser of the users visiting the remote website.
#   last seen: 2020-06-01
#   modified: 2020-06-02
#   plugin id: 22529
#   published: 2006-10-10
#   reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
#   source: https://www.tenable.com/plugins/nessus/22529
#   title: MS06-056: Vulnerabilities in ASP.NET could allow information disclosure (922770)
#   code:
#
# (C) Tenable Network Security, Inc.
#
# Credentialed (plugin_type "local") check for MS06-056 / CVE-2006-3436.
# It reports the host when the file-version test on Aspnet_wp.exe in the
# v2.0.50727 framework directory says the fix is missing.
#
# NOTE(review): the plugin title speaks of "information disclosure" while the
# synopsis and the CVE text describe cross-site scripting; the title appears
# to follow the vendor bulletin name. Triage on the CVSS vector (I:P) rather
# than on the title.

include("compat.inc");

# Registration pass: when `description` is set the script only declares its
# identifiers, references, texts and scheduling requirements, then exits.
if (description)
{
  script_id(22529);
  script_version("1.31");
  script_cvs_date("Date: 2018/11/15 20:50:30");

  script_cve_id("CVE-2006-3436");
  script_bugtraq_id(20337);
  script_xref(name:"MSFT", value:"MS06-056");
  script_xref(name:"MSKB", value:"922770");

  script_name(english:"MS06-056: Vulnerabilities in ASP.NET could allow information disclosure (922770)");
  script_summary(english:"Determines the version of the ASP.Net DLLs");

  script_set_attribute(attribute:"synopsis", value: "The remote .Net Framework is vulnerable to a cross-site scripting attack.");
  script_set_attribute(attribute:"description", value: "The remote host is running a version of the ASP.NET framework that contains a cross-site scripting vulnerability that could allow an attacker to execute arbitrary code in the browser of the users visiting the remote website.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2006/ms06-056");
  script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP and 2003.");

  # CVSS v2 base vector: network reachable, medium complexity, no
  # authentication, partial integrity impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/10/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/10");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
  script_family(english:"Windows : Microsoft Bulletins");

  # Scheduling: runs after the two listed plugins and only when the
  # "SMB/MS_Bulletin_Checks/Possible" KB key exists.
  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');
  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

# Stop immediately when bulletin checks are not possible on this host.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS06-056';
kb = '922770';

kbs = make_list(kb);
# When patch-management data is present, hand the bulletin and KB list to
# hotfix_check_3rd_party(). Presumably this path reports and exits on its
# own; confirm against the include that defines it.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

# The file check below needs an enumerated registry and a known Windows version.
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# Audit out as "OS/SP not vulnerable" unless the host falls in the listed
# ranges (win2k '4,5', xp '1,2', win2003 '0,1'); presumably these are
# service-pack bounds, confirm against hotfix_check_sp_range().
if (hotfix_check_sp_range(win2k:'4,5', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

# The version test reads the file over an SMB share, so an inaccessible share
# ends the check with a share-failure audit, not a "not affected" result.
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# Version test on Aspnet_wp.exe with min_version 2.0.0.0 and version
# 2.0.50727.210; presumably files in [min_version, version) count as
# unpatched, confirm against smb_hotfixes_fcheck.inc.
if (hotfix_is_vulnerable(file:"Aspnet_wp.exe", min_version:"2.0.0.0", version:"2.0.50727.210", dir:"\Microsoft.Net\Framework\v2.0.50727", bulletin:bulletin, kb:kb))
{
  # Record the missing bulletin and an XSS flag in the KB, then report.
  # The XSS flag is stored under port 0, presumably because this check is
  # not tied to a particular HTTP port.
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  set_kb_item(name: 'www/0/XSS', value: TRUE);
  hotfix_security_warning();

  # hotfix_check_fversion_end() is called on both outcomes before leaving.
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
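# Listing metadata, as given on the page:
#   NASL family: Windows
#   NASL id: WWW_MS06-056.NASL
#   description: The remote host is running a version of the ASP.NET framework affected by a cross-site scripting vulnerability that could allow an attacker to execute arbitrary code in the browser of the users visiting the remote website.
#   last seen: 2020-06-01
#   modified: 2020-06-02
#   plugin id: 24245
#   published: 2007-01-26
#   reporter: This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source: https://www.tenable.com/plugins/nessus/24245
#   title: MS06-056: Vulnerabilities in ASP.NET could allow information disclosure (922770) (uncredentialed check)
#   code:
#
# (C) Tenable Network Security, Inc.
#
# Uncredentialed (plugin_type "remote") check for MS06-056 / CVE-2006-3436.
# It does not probe the flaw itself: it reads the ASP.NET version string
# stored in the KB for the web port and reports 2.0.50727 builds below 210.
# The result is therefore only as reliable as that version string, and a
# server for which no version was recorded produces no finding at all.

include("compat.inc");

# Registration pass: when `description` is set the script only declares its
# identifiers, references, texts and scheduling requirements, then exits.
if(description)
{
 script_id(24245);
 script_version("1.28");

 script_cve_id("CVE-2006-3436");
 script_bugtraq_id(20337);
 script_xref(name:"MSKB", value:"922770");
 script_xref(name:"MSFT", value:"MS06-056");

 script_name(english:"MS06-056: Vulnerabilities in ASP.NET could allow information disclosure (922770) (uncredentialed check)");
 script_summary(english:"Determines the version of the ASP.Net DLLs via HTTP");

 script_set_attribute(attribute:"synopsis", value: "The remote .Net Framework is vulnerable to a cross-site scripting attack." );
 script_set_attribute(attribute:"description", value: "The remote host is running a version of the ASP.NET framework affected by a cross-site scripting vulnerability that could allow an attacker to execute arbitrary code in the browser of the users visiting the remote website." );
 script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP and 2003." );

 # CVSS v2 base vector: network reachable, medium complexity, no
 # authentication, partial integrity impact only.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2006/ms06-056" );

 script_set_attribute(attribute:"plugin_publication_date", value: "2007/01/26");
 script_set_attribute(attribute:"vuln_publication_date", value: "2006/10/10");
 script_cvs_date("Date: 2018/11/15 20:50:29");
 script_set_attribute(attribute:"patch_publication_date", value: "2006/10/10");
 script_set_attribute(attribute:"plugin_type", value: "remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_framework");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english:"Windows");

 # Runs after dotnet_framework_version.nasl, which presumably stores the
 # ASP.NET_Version KB item read below; confirm in that plugin.
 script_dependencies("dotnet_framework_version.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

# No recorded version for this port means nothing to compare: exit silently.
ver = get_kb_item("www/" + port + "/ASP.NET_Version");
if ( ! ver ) exit(0);

v = split(ver, sep:'.', keep:FALSE);

# Require all four components before comparing. Without this guard a
# truncated string (constructed example: "2.0.50727") leaves v[3] undefined,
# and the "< 210" test below would likely treat it as a low number and
# report a host whose build is in fact unknown.
if ( isnull(v) || max_index(v) < 4 ) exit(0);

# Convert each component to an integer so the comparison is numeric.
for ( i = 0 ; i < max_index(v) ; i ++ ) v[i] = int(v[i]);

# Affected range: 2.0.50727.x with build number below 210.
if ( v[0] == 2 && v[1] == 0 && v[2] == 50727 && v[3] < 210 )
{
 security_warning(port);
 # Record the XSS flag for this port in the KB.
 set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
}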
Oval
accepted | 2007-08-02T14:47:15.981-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true". |
family | windows |
id | oval:org.mitre.oval:def:377 |
status | accepted |
submitted | 2006-10-11T05:29:41 |
title | Microsoft .NET Framework 2.0 Cross-Site Scripting Vulnerability |
version | 28 |
References
- http://secunia.com/advisories/22307
- http://securitytracker.com/id?1017029
- http://www.kb.cert.org/vuls/id/455604
- http://www.securityfocus.com/archive/1/449179/100/0/threaded
- http://www.securityfocus.com/bid/20337
- http://www.vupen.com/english/advisories/2006/3976
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-056
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28658
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A377