Personalize

Layout

Navigation Position

Bill Evjen's Blog

Code, Life and Community

<< INETA just keeps growing | Home | MSN Maps and Directions >>

ASP.NET Vulnerability Reported - TAKE PROPER ACTION!

No fix at the moment, but Microsoft reported an ASP.NET vulnerability yesterday:

http://www.microsoft.com/security/incident/aspnet.mspx

It deals with the canonicalization of files and a hacker's ability to play with the URL to get at files they shouldn't. There are safeguards to protect yourself in the meantime. Check out KB article 887459:

http://support.microsoft.com/?kbid=887459

Wednesday, October 06, 2004 8:34 AM

Your Comments.

# MS KB 887459 : Work Around for the IIS5/ASP.NET Authentication Vulnerability
The hills are alive with the sound of music KB links echoed through blogosphere. As reported here here here here here here here here here here (and too many other places to mention), MS has released a bulletin regarding this vulnerability. If you want to correct the problem, you should add the code from KB article 887459 to your Global.asax (or Global.asax.cs or Global.asax.vb, as the case may be). I still recommend using more fine-grained security checks on each page like I mentioned earlier and that you run URLScan and IISLockdown (if you can). Or upgrade to IIS 6. Better yet, do all of the above.

Left by Sirsha Development Resources Blo at 10/6/2004 12:35 PM
# MS KB 887459 : Work Around for the IIS5/ASP.NET Authentication Vulnerability
The hills are alive with the sound of music KB links echoed through blogosphere. As reported here here here here here here here here here here (and too many other places to mention), MS has released a bulletin regarding this vulnerability. If you want to correct the problem, you should add the code from KB article 887459 to your Global.asax (or Global.asax.cs or Global.asax.vb, as the case may be). I still recommend using more fine-grained security checks on each page like I mentioned earlier

Left by Sirsha Development Resources Blo at 3/12/2005 5:40 PM

Your Reply.

Comment Form.

Fields denoted with a "*" are required.

*Your name:

*Subject:

You may also like to leave your email or website.

*Your message:

Please add 6 and 6 and type the answer here:

Enter the code shown above:

Preview Your Comment.

Twitter

billevjen Jim Kramer comment on TV - Whatever money you may need for the next five years, please take it out of the stock market.Right now.This week. about 15 hours ago

billevjen Kids carnival weekend info: http://www.p...3.pdf about 3 days ago

billevjen Kid's school carnival this weekend - I'm working one of the carnival games from 5pm till 10pm tomorrow - Come by in St. Charles, Missouri! about 3 days ago

billevjen TGIF about 3 days ago

billevjen NBC's historical election archives. Quite interesting if you are a history buff. http://www.m...7219/ about 4 days ago

billevjen Tough choice tonight for TV - playoff baseball or debate? Hmmmmm. Watching the debate first. about 4 days ago

billevjen Biden is starting to look a bit annoyed. about 4 days ago

billevjen Palin doesn't seem to like the moderator. about 4 days ago

billevjen Are you being asked by your organization to look into building Apple IPhone apps? about 4 days ago

billevjen Would want to see a Cubs-White Sox or Cubs-Red Sox series. That would be nice. Go Sweet Lou! about 5 days ago

Jump Menu

So what are all these buttons for?

Personalize

Text Size

Layout

Navigation Position

Bill Evjen's Blog

Code, Life and Community

ASP.NET Vulnerability Reported - TAKE PROPER ACTION!

Your Comments.

Your Reply.

Preview Your Comment.

Me

Twitter

Archives

Post Categories

Links

My Books

Programs I'm With

Statement

Syndicate