ASP.NET Vulnerability

Security Briefs

Looks like the consensus is that no version of IIS protects you from this vulnerability. If you have an ASP.NET application, and you rely on URL authorization (`<authorization>` sections), you need to fix your application ASAP.

The fix is very simple - it's a few lines of code that reject requests that have backslashes or are not in canonical form. Here is the knowledge base article that you should read that provides the fix.

Get to it, folks!


Posted Oct 07 2004, 12:37 PM by keith-brown
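
A sketch of the kind of check the post describes, added here as an example; it is not the code from the knowledge base article or from Microsoft's HTTP module. The class name `CanonicalPathModule` is hypothetical, and the percent-encoded backslash test and the packaging as an `IHttpModule` are assumptions that go slightly beyond the two conditions named in the post.

```csharp
using System;
using System.Globalization;
using System.IO;
using System.Web;

// Hypothetical module name; register it under <httpModules> in web.config.
public class CanonicalPathModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        // BeginRequest is the first pipeline event, so this check runs
        // before URL authorization evaluates the request.
        app.BeginRequest += new EventHandler(OnBeginRequest);
    }

    public void Dispose() { }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = ((HttpApplication)sender).Request;
        if (!IsCanonical(request))
        {
            // Fail closed: treat a non-canonical path as a missing resource.
            throw new HttpException(404, "Not found");
        }
    }

    private static bool IsCanonical(HttpRequest request)
    {
        // 1. Literal backslash in the decoded virtual path.
        if (request.Path.IndexOf('\\') >= 0)
            return false;

        // 2. Percent-encoded backslash in the path part of the URL as sent
        //    by the client (assumption: the query string is left alone).
        string raw = request.RawUrl;
        int query = raw.IndexOf('?');
        if (query >= 0)
            raw = raw.Substring(0, query);
        if (raw.ToLower(CultureInfo.InvariantCulture).IndexOf("%5c") >= 0)
            return false;

        // 3. The mapped physical path must already be canonical. GetFullPath
        //    resolves "." and ".." segments and separator variants, so any
        //    difference means the request was not in canonical form.
        string physical = request.PhysicalPath;
        return Path.GetFullPath(physical) == physical;
    }
}
```

If `PhysicalPath` or `GetFullPath` throws on a malformed path, the request still fails with an error response rather than reaching the authorization step.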

Comments

Brian Goldfarb wrote re: ASP.NET Vulnerability
on 10-07-2004 7:57 PM
Also be sure to check out http://www.microsoft.com/security/incident/aspnet.mspx
We have posted an HTTP Module wrapped in an MSI installer where you can update an entire server with just one click -- also KB guidance. The landing page is the central repository of information and we are continually updating it as new resources and information become available.
Girish Bharadwaj wrote Update on ASP.NET Vulnerability
on 10-07-2004 8:59 PM