MS05-004: ASP.NET Path Validation Vulnerability (887219)

Medium Nessus Plugin ID 16333


It is possible to access confidential documents on the remote web server.


The remote host is running a version of the ASP.NET framework that could allow an attacker to bypass the security of an ASP.NET website and obtain unauthorized access.


Microsoft has released a set of patches for Windows NT, 2000, XP and 2003.

See Also

Plugin Details

Severity: Medium

ID: 16333

File Name: smb_nt_ms05-004.nasl

Version: $Revision: 1.34 $

Type: local

Agent: windows

Published: 2005/02/09

Modified: 2017/08/09

Dependencies: 57033, 13855

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2005/02/08

Vulnerability Publication Date: 2004/09/14

Reference Information

CVE: CVE-2004-0847

BID: 11342

OSVDB: 10557, 10670

MSFT: MS05-004

CERT: 283646

EDB-ID: 24666

MSKB: 886905