Results 1 to 16 of 16

Thread: Important: ASP.NET Vulnerability

  1. #1

    Thread Starter
    Raging swede Atheist's Avatar
    Join Date
    Aug 2005
    Location
    Sweden
    Posts
    8,018

    Important: ASP.NET Vulnerability

    I think this is important for everyone to read.

    An ASP.NET vulnerability was unveiled recently. Please read the following message from Microsoft Security Response Center for information on the vulnerability and how to fix it.

    http://blogs.technet.com/b/msrc/arch...-released.aspx
    Rate posts that helped you. I do not reply to PM's with coding questions.
    How to Get Your Questions Answered
    Current project: tunaOS
    Me on.. BitBucket, Google Code, Github (pretty empty)

  2. #2
    Frenzied Member brin351's Avatar
    Join Date
    Mar 2007
    Location
    Land Down Under
    Posts
    1,293

    Re: Important: ASP.NET Vulnerability

    That's a dangerious threat. Thanks for the heads up.
    The problem with computers is their nature is pure logic. Just once I'd like my computer to do something deluded.

  3. #3
    Frenzied Member avrail's Avatar
    Join Date
    Mar 2006
    Location
    Egypt, Cairo
    Posts
    1,221

    Re: Important: ASP.NET Vulnerability

    thanks for the thread
    You Don't Have to Rate Me.
    I'm Not a Civilized Man I'm the Civilization it self
    White or Black, Living or Dieing and 0 or 1 that's MY life
    iam an Object in Object Oriented Life
    my blog : http://refateid.blogspot.com/
    twitter :@avrail
    010011000111010101110110001000000100110101111001001000000101000001100011

  4. #4
    PowerPoster gep13's Avatar
    Join Date
    Nov 2004
    Location
    The Granite City
    Posts
    21,963

    Re: Important: ASP.NET Vulnerability

    Hello Athehist,

    Thanks for the heads up, I was note aware of this.

    Gary

  5. #5
    PowerPoster gep13's Avatar
    Join Date
    Nov 2004
    Location
    The Granite City
    Posts
    21,963

    Re: Important: ASP.NET Vulnerability

    Hello everyone,

    I am just reading more information about this vulnerability here:

    http://weblogs.asp.net/scottgu/archi...erability.aspx

    Gary

  6. #6
    Junior Member
    Join Date
    May 2009
    Location
    Buffalo, NY
    Posts
    30

    Re: Important: ASP.NET Vulnerability

    Simple enough fix.

    Other thing I do, which was kind of an "oh duh" moment for me, was I put this in a long time ago. I used to have a "you don't have permission to access this page" type page, and a generic "oops something happened" type page.

    The issue was, finding the "you don't have permission to access this page" means "Hey, you ALMOST made it into a protected page, now that you know the URL start going to town with every technique/script you have!"

    So the generic Error page isn't all that bad of an option anyway. Unique error information should be logged into your web error log anyway.
    Using VB 2010/2008/2005 (Windows and ASP)

  7. #7
    PowerPoster gep13's Avatar
    Join Date
    Nov 2004
    Location
    The Granite City
    Posts
    21,963

    Re: Important: ASP.NET Vulnerability

    Some more information has been posted about this by Scott Gu, you can find it here:

    http://weblogs.asp.net/scottgu/archi...erability.aspx

    This exploit affects all ASP.Net Application, including ASP.Net MVC, and SharePoint. You can find information about SharePoint here:

    http://blogs.msdn.com/b/sharepoint/a...harepoint.aspx

    Gary

  8. #8
    PowerPoster gep13's Avatar
    Join Date
    Nov 2004
    Location
    The Granite City
    Posts
    21,963

    Re: Important: ASP.NET Vulnerability

    Hey,

    Looks like there is a fix for this.

    Being released today:

    http://weblogs.asp.net/scottgu/archi...sept-28th.aspx

    Gary

  9. #9
    PowerPoster gep13's Avatar
    Join Date
    Nov 2004
    Location
    The Granite City
    Posts
    21,963

    Re: Important: ASP.NET Vulnerability

    A patch is now available for the ASP.Net Vulnerability:

    http://weblogs.asp.net/scottgu/archi...available.aspx

    Gary

  10. #10
    Frenzied Member avrail's Avatar
    Join Date
    Mar 2006
    Location
    Egypt, Cairo
    Posts
    1,221

    Re: Important: ASP.NET Vulnerability

    thanks Gary
    You Don't Have to Rate Me.
    I'm Not a Civilized Man I'm the Civilization it self
    White or Black, Living or Dieing and 0 or 1 that's MY life
    iam an Object in Object Oriented Life
    my blog : http://refateid.blogspot.com/
    twitter :@avrail
    010011000111010101110110001000000100110101111001001000000101000001100011

  11. #11

  12. #12
    Frenzied Member tr333's Avatar
    Join Date
    Nov 2004
    Location
    /dev/st0
    Posts
    1,605

    Re: Important: ASP.NET Vulnerability

    This was also posted to the US-CERT mailing list. If you don't already subscribe, it's a great way to keep track of the latest security announcements/vulnerabilities from Microsoft/Adobe/Oracle/etc.
    CSS layout comes in to the 21st century with flexbox!
    Just another Perl hacker,

  13. #13
    PowerPoster gep13's Avatar
    Join Date
    Nov 2004
    Location
    The Granite City
    Posts
    21,963

    Re: Important: ASP.NET Vulnerability

    Nice link tr333, I didn't know about that one.

    Thanks

    Gary

  14. #14
    PowerPoster gep13's Avatar
    Join Date
    Nov 2004
    Location
    The Granite City
    Posts
    21,963

    Re: Important: ASP.NET Vulnerability

    The update is now being pushed out through Windows Update as well:

    http://weblogs.asp.net/scottgu/archi...ws-update.aspx

    Gary

  15. #15
    Learning .Net danasegarane's Avatar
    Join Date
    Aug 2004
    Location
    VBForums
    Posts
    5,853

    Re: Important: ASP.NET Vulnerability

    Quote Originally Posted by gep13 View Post
    The update is now being pushed out through Windows Update as well:

    http://weblogs.asp.net/scottgu/archi...ws-update.aspx

    Gary
    That's sound good
    Please mark you thread resolved using the Thread Tools as shown

  16. #16
    PowerPoster gep13's Avatar
    Join Date
    Nov 2004
    Location
    The Granite City
    Posts
    21,963

    Re: Important: ASP.NET Vulnerability

    Yip, hopefully there won't be many installations left in an unpatched state with it being pushed out this way.

    Gary

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width