Important: ASP.NET Security Vulnerability
page 1 of 11
Published: 18 Sep 2010
Unedited - Community Contributed
In this article, Scott examines an ASP.NET security vulnerability which was recently discovered by Microsoft. He begins by providing a basic overview of the vulnerability and also discusses how to enable the patch on ASP.NET 1.0, 2.0, 3.5, 3.5 SP1 and 4.0. Towards the end of the article, he examines the installation and enabling of IIS URLScan with a Custom Rule including adding an addition URL scan rule. You will also learn how the find Vulnerable ASP.NET Applications on Your Web Server by running a command with the help of a relevant screenshot.
by Scott Guthrie
Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 45771/ 74


Republished with Permission - Original Article

A few hours ago we released a Microsoft Security Advisory about a security vulnerability in ASP.NET.  This vulnerability exists in all versions of ASP.NET.

This vulnerability was publically disclosed late Friday at a security conference. We recommend that all customers immediately apply a workaround (described below) to prevent attackers from using this vulnerability against your ASP.NET applications.

Important Update: You can now download the official security patch update here. Please install it ASAP on your servers – it is the only way to protect against the vulnerability. You should no longer rely on the below workaround and instead install the official security patch update immediately to protect yourself.

View Entire Article

User Comments

No comments posted yet.

Product Spotlight
Product Spotlight 

Community Advice: ASP | SQL | XML | Regular Expressions | Windows

©Copyright 1998-2024  |  Page Processed at 2024-07-24 8:23:02 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search