NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2007-0042

Summary	Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
Summary	Un conflicto de interpretación en ASP.NET en Microsoft .NET Framework versión 1.0, 1.1 y 2.0 para Windows 2000, XP, Server 2003 y Vista permite que los atacantes remotos accedan a los archivos de configuración y obtengan información confidencial, y posiblemente omitan los mecanismos de seguridad que intentan restringir el acceso. La subcadena final de una cadena, por medio de caracteres %00 , relacionada con el uso de %00 como terminador de cadena dentro de las funciones POSIX pero un carácter data dentro de las cadenas .NET, también se conoce como "Null Byte Termination Vulnerability.".
Publication Date	July 11, 2007, 7:30 a.m.
Registration Date	Jan. 29, 2021, 2:04 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	7.8
Vector	AV:N/AC:L/Au:N/C:C/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:microsoft:.net_framework:1.0:::::::*
cpe:2.3:a:microsoft:.net_framework:1.1:::::::*
cpe:2.3:a:microsoft:.net_framework:2.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html	secure@microsoft.com
2	http://secunia.com/advisories/26003	secure@microsoft.com
3	http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf	secure@microsoft.com
4	http://www.securitytracker.com/id?1018356	secure@microsoft.com
5	http://www.us-cert.gov/cas/techalerts/TA07-191A.html	secure@microsoft.com
6	http://www.vupen.com/english/advisories/2007/2482	secure@microsoft.com
7	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040	secure@microsoft.com
8	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2070	secure@microsoft.com
9	http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html	af854a3a-2127-422b-91ae-364da2661108
10	http://secunia.com/advisories/26003	af854a3a-2127-422b-91ae-364da2661108
11	http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf	af854a3a-2127-422b-91ae-364da2661108
12	http://www.securitytracker.com/id?1018356	af854a3a-2127-422b-91ae-364da2661108
13	http://www.us-cert.gov/cas/techalerts/TA07-191A.html	af854a3a-2127-422b-91ae-364da2661108
14	http://www.vupen.com/english/advisories/2007/2482	af854a3a-2127-422b-91ae-364da2661108
15	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040	af854a3a-2127-422b-91ae-364da2661108
16	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2070	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List