WebApp Sec mailing list archives

Re: New Vulnerability in Microsoft ASP.NET

From: "Adam Tuliper" <amt () gecko-software com>
Date: Thu, 07 Oct 2004 23:01:55 -0400

There's been some confusion as to if URLScan will prevent
this issue, and it will.

As well as (released today) 
Microsoft ASP.NET ValidatePath Module
http://www.microsoft.com/downloads/details.aspx?familyid=DA77B852-DFA0-4631-AAF9-8BCC6C743026&displaylang=en

Earlier in the day they recommended adding code to each
application to fix this, you wait a few hours and voila.. a
better fix. Its not too often we get to see that from ms :
)




On Thu, 7 Oct 2004 17:05:41 -0400
 "Wojciech Dojka" <wdojka () incurrent com> wrote:


I haven't seen any discussions here on this. The links
below point to a serious new vulnerability in ASP.NET:

http://www.microsoft.com/security/incident/aspnet.mspx
http://support.microsoft.com/?kbid=887459

http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754

http://dotnetjunkies.com/WebLog/richard.dudley/archive/2004/10/06/27788.aspx

http://msmvps.com/bernard/archive/2004/10/07/15136.aspx

http://dotnetjunkies.com/WebLog/stefandemetz/archive/2004/10/02/27441.aspx




---------------------
Wojciech Dojka
Information Security Engineer
Incurrent Solutions


---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider.
http://www.nni.com/

Current thread:

New Vulnerability in Microsoft ASP.NET Wojciech Dojka (Oct 07)
- Re: New Vulnerability in Microsoft ASP.NET Adam Tuliper (Oct 09)