CVE-2011-3417 Information

Description

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1 2.0 SP2 3.5 SP1 3.5.1 and 4.0 when sliding expiry is enabled does not properly handle cached content which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL aka \ASP.NET Forms Authentication Ticket Caching Vulnerability.\

Reference

http://www.securityfocus.com/bid/51203 http://www.us-cert.gov/cas/techalerts/TA11-347A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A14625