473,786 Members | 2,566 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

-ASP.NET Security Issue and Guidance

This what i got from microsoft!
GDluck

Dear ASP.NET Customer,

This alert is to advise you of the availability of a web page that
discusses an investigation Microsoft is currently conducting into
public reports of a security vulnerability in ASP.NET. A malicious
user could provide a specially-formed URL that could result in the
unintended serving of secured content.

This alert is also to advise you of the availability of a new
Microsoft Knowledge Base article: 887459. This article contains
prescriptive guidance with steps customers can implement on their
ASP.NET applications to help protect against a wide variety of
malformed URL attacks.

Microsoft is providing this prescriptive guidance in order to inform
customers as quickly as possible about the vulnerability and
information on how to prevent an attack. Microsoft is actively
investigating this issue and plans to release additional guidance
and a security update to remedy the issue as soon as possible.
The Microsoft Knowledge Base article can be viewed here:
http://support.microsoft.com/?kbid=887459

The web page that discusses the current investigation into the
public reports of a vulnerability in ASP.Net can be viewed here:
http://www.microsoft.com/security/incident/aspnet.mspx

If you have any questions, please see the discussion in the ASP.NET
Security Forums at:

http://www.asp.net/Forums/ShowForum....x=1&ForumID=25
Thank you,
The Microsoft ASP.NET Team

Nov 18 '05 #1
0 1108

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
2
3939
ASP security model / file permissions to allow updating of a database
by: Fran Tirimo | last post by:
I am developing a small website using ASP scripts to format data retrieved from an Access database. It will run on a Windows 2003 server supporting FrontPage extensions 2002 hosted by the company 1&1 with only limited server configuration via a web based control panel. My query relates to the ASP security model and how it relates to FrontPage options for setting file access on a database file. If you know of any online documentation...
ASP / Active Server Pages
3
2388
SSL, PDF, Javascript Security Issue
by: Sandeep | last post by:
Hello All, I have a site written in ASP/VB COM and setup completly over https. Browser is IE 6. I am doing a post from one page to another using document.formname.submit. This works fine throughout the system. In one of the ASP pages a pdf is displayed with content(inline). So when the post is done to this page, the "The page contains secure and
Javascript
2
1382
Slow page loads, possible security issue?
by: Scott F. Brown | last post by:
Hello all, I am attempting to work on a project for work at home and I'm experiencing extremely slow page loads. These are pages that work fine in the office but when I try to work on the project at home on my laptop, the pages take upwards of 100+ seconds to load. I will try to give all the pertinent info below. I think it is probably a security issue which is why I am cross posting. My laptop is acting as my web server. I am...
ASP.NET
5
1105
Major security issue?
by: Keith | last post by:
I have found what I believe to be a serious security issue in ASP.Net. If you have: 1. Your website configured for anonymous access 2. Elect under web.config to set the sessionstate attribute of cookieless to true Anyone from any IP address or across another browser can copy the URL and work within the session. My question is "Why doesn't ASP.Net provide an option around ensuring
ASP.NET
2
1352
Security issue with .htm pages in folders
by: Magnus Blomberg | last post by:
Hi there! I am using VS 2005 beta for developing my new web application. I have a security issue, that I don't know if it is wrong by me, an IIS6 problem or an VS beta problem. I have a web application where the first page is public and IIS is set up with Anonymous login enabled and Integrated Windows authentication. All other pages is placed under a folder called Protected created from VS. My web.config looks like this (shrinked): ...
ASP.NET
7
1459
ASP.NET Uploading Security Issue?
by: chuckdfoster | last post by:
I am developing an ASP.NET site where an site administrator can upload files via ASP.NET into a Documents folder. These documents are then viewed by site users. I used the MS KB article http://support.microsoft.com/default.aspx?scid=kb;en-us;323245 to learn how to do this. Is there a security issue with this. If you are giving the ASPNET account Read & Execute, List Folder Contents, Read, and Write permissions, then could they not...
ASP.NET
0
2229
Another Windows Server 2003 Security Issue?
by: Charles Leonard | last post by:
I am having yet another issue with Windows Server 2003. This time, the web service (a file import web service) appears to run except for one odd message: "ActiveX component can't create object". There are no other statements to indicate what object cannot be created. Otherwise, everything on the test Windows Server 2003 works fine—all import data updates correctly. Unfortunately, my normal development environment is not Windows...
.NET Framework
20
1562
security issue about expose file directory
by: =?Utf-8?B?YzY3NjIyOA==?= | last post by:
Hi all, If in an ASP program, I need to display a pdf file link for users to print and read. Is there any security issue? We are thinking about doing this is many mail servers block emails with pdf file attachment. We just try to give an opportunity to users to print the document themselves instead of completely depending on email delivery. Thank you. --
ASP / Active Server Pages
1
1728
Access 2000 security issue
by: Edmund | last post by:
I hope someone can help me out set up the security properly. I have Microsoft Access 97 and Access 2000 in my computer and I developed my database with Access 2000 with the updated patch SP-3. I had no trouble to create a workgroup and successfully to run the security
Microsoft Access / VBA
2
2649
Re: Security issue with an HTA frame
by: Oriane | last post by:
With IIS7 on Vista SP1, the problem does not occur. When I told you yesterday that the problem occurs on Windows XP/Vista, I talked about the client environment.
ASP.NET
0
9496
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
10363
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
1
10110
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
9961
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
8989
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
0
6745
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5397
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
5534
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4066
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us