Microsoft is currently investigating a reported vulnerability in Microsoft ASP.NET. An attacker can send specially crafted requests to the server and view secured content without providing the proper credentials. This reported vulnerability exists in ASP.NET and does not affect ASP.
This issue affects Web content owners who are running any version of ASP.NET on Microsoft Windows 2000, Windows 2000 Server, Windows XP Professional, and Windows Server 2003.
More details at:
Check this KB article - that provides prescriptive guidance on how to protect against canonicalization issues immediately on their site. This KB will help developers protect themselves on a per application basis.
The Microsoft Knowledge Base article can be viewed here:
No comments:
Post a Comment