CVE-2006-1300

critical

Description

Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A419

https://exchange.xforce.ibmcloud.com/vulnerabilities/26802

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-033

http://www.vupen.com/english/advisories/2006/2751

http://www.securityfocus.com/bid/18920

http://www.osvdb.org/27153

http://securitytracker.com/id?1016465

http://secunia.com/advisories/20999

Details

Source: Mitre, NVD

Published: 2006-07-11

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.446