ASP.Net vulnerability opens way for attack
ASP.Net vulnerability opens way for attack
Microsoft is in the process of investigating a new vulnerability in Microsoft ASP.NET that allows attackers to avoid security preventions on a Web server and gain access to confidential information.
The initial investigation has revealed that all version of ASP.NET could be affected, independent of the installed IIS version or IIS components.
Microsoft has advised that all Web content owners and administrators running any version of ASP.Net to carry out a number of instructions to minimise the negative effects of the hole.
An HTTP module can be applied to an administrator's Web server to protect all ASP.NET applications on the server against URL canonicalisation problems known to Microsoft.
ASP.Net is the latest version of Microsoft's Active Server Page (ASP) technology that provides developers with the opportunity to use Visual Basic, Perl and C# to create Web-based applications by embedding small programs.
The vulnerabilities affect all versions of ASP.NET, including those running on Windows 2000, Windows 2000 Server, XP Professional and Windows Server 2003.
Microsoft is still in the process of working on a security patch for this problem too.Related Article: