Important: ASP.NET Security Vulnerability: ASP Alliance

Print Add To Favorites Email To Friend Rate This Article
Important: ASP.NET Security Vulnerability

page 2 of 11

by Scott Guthrie
Feedback

Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 45662/ 84

Article Contents:

Introduction
What does the vulnerability enable?
How the Vulnerability Works
How to Workaround The Vulnerability
How to verify if the <customErrors> section is correct
Install and Enable IIS URLScan with a Custom Rule
Add an Addition URL Scan Rule
How to Find Vulnerable ASP.NET Applications on Your Web Server
Forum for Questions
Summary
Resources

What does the vulnerability enable?

An attacker using this vulnerability can request and download files within an ASP.NET Application like the web.config file (which often contains sensitive data).

At attacker exploiting this vulnerability can also decrypt data sent to the client in an encrypted state (like ViewState data within a page).

« (Page 1)

View Entire Article

(Page 3) »

User Comments

No comments posted yet.

Product Spotlight