WebApp Sec mailing list archives
Re: New Vulnerability in Microsoft ASP.NET
From: "Adam Tuliper" <amt () gecko-software com>
Date: Thu, 07 Oct 2004 23:01:55 -0400
There's been some confusion as to if URLScan will prevent this issue, and it will. As well as (released today) Microsoft ASP.NET ValidatePath Module http://www.microsoft.com/downloads/details.aspx?familyid=DA77B852-DFA0-4631-AAF9-8BCC6C743026&displaylang=en Earlier in the day they recommended adding code to each application to fix this, you wait a few hours and voila.. a better fix. Its not too often we get to see that from ms : ) On Thu, 7 Oct 2004 17:05:41 -0400 "Wojciech Dojka" <wdojka () incurrent com> wrote:
I haven't seen any discussions here on this. The links below point to a serious new vulnerability in ASP.NET: http://www.microsoft.com/security/incident/aspnet.mspx http://support.microsoft.com/?kbid=887459
http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754
http://dotnetjunkies.com/WebLog/richard.dudley/archive/2004/10/06/27788.aspx
http://msmvps.com/bernard/archive/2004/10/07/15136.aspx
http://dotnetjunkies.com/WebLog/stefandemetz/archive/2004/10/02/27441.aspx
--------------------- Wojciech Dojka Information Security Engineer Incurrent Solutions
--------------------------------------------------------------------- Web mail provided by NuNet, Inc. The Premier National provider. http://www.nni.com/
Current thread:
- New Vulnerability in Microsoft ASP.NET Wojciech Dojka (Oct 07)
- Re: New Vulnerability in Microsoft ASP.NET Adam Tuliper (Oct 09)