(MS13-103) Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
Publish Date: 26 Dezember 2013
Schweregrad:: Hoch
CVE Kennungen:: CVE-2013-5042
Hinweisdatum: 26 Dezember 2013
Beschreibung
This security update resolves a privately reported vulnerability in ASP.NET SignalR. The vulnerability could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.
Lösungen
Betroffene Software und Version:
- Microsoft Visual Studio Team Foundation Server 2013
- ASP.NET SignalR 2.0.x
- ASP.NET SignalR 1.1.x