ASP.NET Vulnerability Reported - TAKE PROPER ACTION!

News

Twitter

billevjen RT @toddbishop Breaking: Microsoft CFO Chris Liddell leaving. Updates to come. http://bit.ly/5SaIAH about 2 days ago

billevjen @Tanoop Sure did and I have to say that I am already addicted to the Outlook Date(Conversation) threads for email. Way easier to deal with. about 2 days ago

billevjen @kvgros I was just thinking the same thing. I upgraded two machines to this and it is quite nice. about 3 days ago

billevjen After a number of reboots - I have Office 64-bit installed. It picked up and converted my old .ost file (good). I do like new org of Outlok about 3 days ago

billevjen MSFT and News Corp in talks about delisting from Google. Is this what is needed to make money for news? - http://bit.ly/7bym3W about 3 days ago

billevjen Uninstalling 32-bit Office 2007 on my home computer right now to install 64-bit Office 2010 Beta. Wish me luck. :) about 3 days ago

billevjen Wow - M. Vick took that ball down the field a bit. His best play since being back. #nfl #snf about 4 days ago

billevjen E-Readers are the big gift for Christmas this year! - http://bit.ly/5niTnZ about 4 days ago

billevjen @keyvan Congrats on the book! about 4 days ago

billevjen @DanWahlin I hear you. That was my last trip of the year! I'm glad to spend the rest of this year at home. about 5 days ago

Post Categories

My Books

Programs I'm With

Statement

Everything stated here in this blog is my own personal opinions and does not reflect the opinions of my employer.

<< INETA just keeps growing | Home | MSN Maps and Directions >>

ASP.NET Vulnerability Reported - TAKE PROPER ACTION!

No fix at the moment, but Microsoft reported an ASP.NET vulnerability yesterday:

http://www.microsoft.com/security/incident/aspnet.mspx

It deals with the canonicalization of files and a hacker's ability to play with the URL to get at files they shouldn't. There are safeguards to protect yourself in the meantime. Check out KB article 887459:

http://support.microsoft.com/?kbid=887459

Print | posted on Wednesday, October 06, 2004 8:34 AM

Feedback

# MS KB 887459 : Work Around for the IIS5/ASP.NET Authentication Vulnerability

left by Sirsha Development Resources Blo at 10/6/2004 12:35 PM

The hills are alive with the sound of music KB links echoed through blogosphere. As reported here here here here here here here here here here (and too many other places to mention), MS has released a bulletin regarding this vulnerability. If you want to correct the problem, you should add the code from KB article 887459 to your Global.asax (or Global.asax.cs or Global.asax.vb, as the case may be). I still recommend using more fine-grained security checks on each page like I mentioned earlier and that you run URLScan and IISLockdown (if you can). Or upgrade to IIS 6. Better yet, do all of the above.

# MS KB 887459 : Work Around for the IIS5/ASP.NET Authentication Vulnerability

left by Sirsha Development Resources Blo at 3/12/2005 5:40 PM

Bill Evjen's Blog

Code, Life and Community

News

Twitter

Tag Cloud

Post Categories

Archives

Links

My Books

Programs I'm With

Statement

ASP.NET Vulnerability Reported - TAKE PROPER ACTION!

Feedback

# MS KB 887459 : Work Around for the IIS5/ASP.NET Authentication Vulnerability

# MS KB 887459 : Work Around for the IIS5/ASP.NET Authentication Vulnerability