I just received an e-mail (an Alert) from Microsoft to advise of the availability of information on the web of a security vulnerability in ASP.NET where a malicious user could provide a specially-formed URL that could result in the unintended serving of secured content. Microsoft is asking ASP.NET developers to become familiarized with the issue and take precautionary measures to prevent current (and future) applications from being affected.
The Microsoft Knowledge Base article can be viewed here: http://support.microsoft.com/?kbid=887459
The web page that discusses the current investigation into the public reports of a vulnerability in ASP.Net can be viewed here: http://www.microsoft.com/security/incident/aspnet.mspx
The issue is also being discussed in the ASP.NET Security Forums at: http://www.asp.net/Forums/ShowForum.aspx?tabindex=1&ForumID=25
posted @ Wednesday, October 06, 2004 1:49 PM | Feedback (0)