VYPR
Critical severity9.8NVD Advisory· Published Nov 3, 2004· Updated Jun 16, 2026

CVE-2004-0847

CVE-2004-0847

Description

The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Microsoft/Asp.net3 versions
    cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*range: <=1.1
    • cpe:2.3:a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.