CVE-2007-0042 - OpenCVE

Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	.net Framework Windows 2000 Windows 2003 Server Windows Vista Windows Xp

Configuration 1 [-]

AND

OR	cpe:2.3:o:microsoft:windows_2000:-:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:-:::::::*
	cpe:2.3:o:microsoft:windows_vista:-:::::::*
	cpe:2.3:o:microsoft:windows_xp:-:::::::*

OR	cpe:2.3:a:microsoft:.net_framework:1.0:::::::*
	cpe:2.3:a:microsoft:.net_framework:1.1:::::::*
	cpe:2.3:a:microsoft:.net_framework:2.0:::::::*

No data.

References

Link	Providers
http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
http://secunia.com/advisories/26003
http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf
http://www.securitytracker.com/id?1018356
http://www.us-cert.gov/cas/techalerts/TA07-191A.html
http://www.vupen.com/english/advisories/2007/2482
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2070

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2007-07-10T22:00:00

Updated: 2024-08-07T12:03:36.861Z

Reserved: 2007-01-03T00:00:00

Link: CVE-2007-0042

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-07-10T22:30:00.000

Modified: 2018-10-30T16:25:38.340

Link: CVE-2007-0042

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-10T00:00:00", "descriptions": [{"lang": "en", "value": "Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka \"Null Byte Termination Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "SSRT071446", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"name": "MS07-040", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040"}, {"name": "ADV-2007-2482", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2482"}, {"name": "oval:org.mitre.oval:def:2070", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2070"}, {"name": "26003", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26003"}, {"tags": ["x_refsource_MISC"], "url": "http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf"}, {"name": "TA07-191A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"name": "1018356", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018356"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2007-0042", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka \"Null Byte Termination Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SSRT071446", "refsource": "HP", "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"name": "MS07-040", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040"}, {"name": "ADV-2007-2482", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2482"}, {"name": "oval:org.mitre.oval:def:2070", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2070"}, {"name": "26003", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26003"}, {"name": "http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf", "refsource": "MISC", "url": "http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf"}, {"name": "TA07-191A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"name": "1018356", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018356"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:03:36.861Z"}, "title": "CVE Program Container", "references": [{"name": "SSRT071446", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"name": "MS07-040", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040"}, {"name": "ADV-2007-2482", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2482"}, {"name": "oval:org.mitre.oval:def:2070", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2070"}, {"name": "26003", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26003"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf"}, {"name": "TA07-191A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"name": "1018356", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018356"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2007-0042", "datePublished": "2007-07-10T22:00:00", "dateReserved": "2007-01-03T00:00:00", "dateUpdated": "2024-08-07T12:03:36.861Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAA86830-BEA8-4943-83EA-C267FA534223", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net_framework:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "766661C0-6A35-4F62-8325-3840A75CF3B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A927C9E-5CCC-4FC1-AE63-24B96A5FC51A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A419F50E-F32C-461C-95D0-978C5351FBAA", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka \"Null Byte Termination Vulnerability.\""}, {"lang": "es", "value": "Un conflicto de interpretaci\u00f3n en ASP.NET en Microsoft .NET Framework versi\u00f3n 1.0, 1.1 y 2.0 para Windows 2000, XP, Server 2003 y Vista permite que los atacantes remotos accedan a los archivos de configuraci\u00f3n y obtengan informaci\u00f3n confidencial, y posiblemente omitan los mecanismos de seguridad que intentan restringir el acceso. La subcadena final de una cadena, por medio de caracteres %00 , relacionada con el uso de %00 como terminador de cadena dentro de las funciones POSIX pero un car\u00e1cter data dentro de las cadenas .NET, tambi\u00e9n se conoce como \"Null Byte Termination Vulnerability.\"."}], "id": "CVE-2007-0042", "lastModified": "2018-10-30T16:25:38.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-10T22:30:00.000", "references": [{"source": "secure@microsoft.com", "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26003"}, {"source": "secure@microsoft.com", "url": "http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1018356"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/2482"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2070"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}