The NT-Bugtraq mailing list carried the first report of a security bug in .NET Forms Authentication, affecting ASP.NET 1.0 (RTM, SP1, SP2, SP3) and ASP.NET 1.1 (RTM, SP1).

When Forms Authentication is used, anonymous users who try to access a protected page such as http://localhost/WebApplication2/secret.aspx are redirected to the login page, for example http://localhost/WebApplication2/login.aspx?ReturnUrl=%2fWebApplication2%2fsecret.aspx. With Mozilla, however, an anonymous user can reach the protected page without authenticating by requesting http://localhost/WebApplication2\secret.aspx. With IE, %5C achieves a similar effect: http://localhost/WebApplication2%5Csecret.aspx

Microsoft has published the web page "What You Should Know About a Reported Vulnerability in Microsoft ASP.NET" to provide countermeasures for this vulnerability. The current countermeasure is mainly the one described in KB887459: add the following check to Application_BeginRequest, in Global.asax or its code-behind:

    if (Request.Path.IndexOf('\\') >= 0 ||
        System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath)
    {
        throw new HttpException(404, "not found");
    }

Clearly, each application needs such a check to guard against this security vulnerability. Microsoft will also provide other responses; watch the "What You Should Know About a Reported Vulnerability in Microsoft ASP.NET" web page for updates.
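The same KB887459 check can be packaged as an HTTP module so it is registered through configuration rather than pasted into each Global.asax. This is an added example, not code from the original post or from Microsoft; the class name PathCheckModule, the helper IsNonCanonical, the assembly placeholder, and the choice to reject paths that GetFullPath cannot parse are assumptions.

```csharp
using System;
using System.IO;
using System.Web;

// Added example (hypothetical class name): runs the KB887459 path check
// for every request handled by the application it is registered in.
public class PathCheckModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.BeginRequest += new EventHandler(OnBeginRequest);
    }

    public void Dispose() { }

    // Returns true when the request must be rejected: the virtual path
    // contains a backslash, or the physical path is not in canonical form.
    public static bool IsNonCanonical(string virtualPath, string physicalPath)
    {
        if (virtualPath.IndexOf('\\') >= 0)
            return true;
        try
        {
            return Path.GetFullPath(physicalPath) != physicalPath;
        }
        // Assumption added here: a path that cannot be parsed is rejected
        // (fail closed) instead of surfacing as an unhandled error.
        catch (ArgumentException) { return true; }
        catch (NotSupportedException) { return true; }
        catch (PathTooLongException) { return true; }
    }

    private void OnBeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = ((HttpApplication)sender).Request;
        if (IsNonCanonical(request.Path, request.PhysicalPath))
            throw new HttpException(404, "not found");
    }
}

// Registration in web.config ("YourAssembly" is a placeholder):
// <system.web>
//   <httpModules>
//     <add name="PathCheckModule" type="PathCheckModule, YourAssembly" />
//   </httpModules>
// </system.web>
```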