Vulnerability in Microsoft Azure SDK 1.3.x Affects Cookie Management in ASP.NET Applications
CVE-2011-1068

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Azure Sdk
Vendor: CVE Published:; 23 February 2011

What is CVE-2011-1068?

The Microsoft Windows Azure SDK version 1.3.x prior to 1.3.20121.1237 fails to properly manage cookies when utilized with Full IIS and a Web Role in ASP.NET applications. This inadequacy allows remote attackers to exploit the flaw by reading encrypted cookies, potentially leading to the unauthorized disclosure of sensitive information. The vulnerability emphasizes the need for stringent cookie management practices to ensure that secure data is not at risk due to improper handling.

References

http://secunia.com/advisories/43237

third-party-advisoryx_refsource_SECUNIA

http://blogs.msdn.com/b/windowsazure/archive/2011/02/03/w...

x_refsource_CONFIRM

EPSS Score

15% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 23, 2011