Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure

Sponsored Content

Special Forums Windows & DOS: Issues & Discussions Security Advisories (RSS) - Microsoft Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure - Post 302456657 by Linux Bot on Friday 24th of September 2010 09:00:04 PM

09-24-2010

Registered User

Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure -

Revision Note: V1.2 (September 24, 2010): Added an entry to the FAQ to announce a revision to the workaround, "Enable a UrlScan or Request Filtering rule, enable ASP.NET custom errors, and map all error codes to the same error page." Customers who have already applied the workaround should reapply all listed steps. Advisory Summary:Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. Microsoft is aware of limited, active attacks at this time.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

LEARN ABOUT DEBIAN

mconfig

Mono(mconfig)															     Mono(mconfig)

NAME

       mconfig, - Utility for modifying .NET configuration files

SYNOPSIS

       mconfig [options] command [command_parameters]

DESCRIPTION

       mconfig	can  be  used to edit .NET configuration files, by adding "features" (that is sets of xml statements) defined in one of the config
       files read by mconfig. The config file can also define layouts of default configuration files, which may be useful for  bootstrapping  your
       .NET projects.

       To see the list of recognized commands, default configuration files and features, run mconfig without passing any parameters.

OPTIONS

       -c <config_file>, --config=<config_file>
	      Read  the specified config file after reading the other, preconfigured, config files for the utility. Settings in the specified file
	      override those found in the other configuration locations.

       -t {any | web | application}, --target={any | web | application}
	      Features and default configuration files defined in the mconfig config file(s) can be assigned to one of the  three  targets  -  web
	      (for ASP.NET features/config files), application - for .NET applications, any - applicable in both of the previous targets. Defaults
	      to any.

       -?, -h, --help
	      Show a summary usage screen.

       -v, --version
	      Show the mconfig version

COMMANDS

       {addfeature, af} <feature_name> [config_file_path]
	      Adds the feature named <feature_name> to the specified config file. If [config_file_path] is omitted, the name of the output config-
	      uration  file  will  be  chosen based on the selected target (see the -t option). The web target outputs configuration to file named
	      Web.config, and the application target outputs to file named application.exe.config. The any target does not have a  default  output
	      file.

	      If  the  specified  config file exists, the feature will be injected into it at the locations specified by mconfig configuration. If
	      the target config file does not exist, it will be created and will contain only the specified feature and all its dependencies.

       {defaultconfig, dc} [config_name [target_directory]]
	      Generates a default config file using the configuration entry named [config_name] and outputs the resulting  configuration  file	to
	      the directory given by the [target_directory] option.  If [config_name] is omitted, it defaults to Web.config for the web target and
	      application target. The any target does not specify any default output configuration name. If the  [target_directory]  parameter	is
	      omitted, it defaults to the current directory.

	      Name of the output config file created in [target_directory] is given in the config file layout definition.

FILES

       Config files are read in the order given below. Each subsequent file may override settings found in the files read before it.

       $prefix/etc/mono/mconfig/config.xml
	      The  default  configuration  file, distributed with mconfig. $prefix is the mconfig installation prefix specified on the compilation
	      time.

       $config_dir/mconfig/config.xml
	      $config_dir is the directory specified in the XDG_CONFIG_HOME environment variable or,
	       if it is empty, in the .config directory located in the user's home directory. This file is not distributed with Mono.

       ./mconfig.xml
	      Local configuration file which can contain per-application settings.

SEE ALSO

       mconfig.config (5)

AUTHOR

       Written by Marek Habersack

COPYRIGHT

       Copyright (C) 2007 Novell, Inc (http://www.novell.com)

MAILING LISTS

       Visit http://lists.ximian.com/mailman/listinfo/mono-devel-list for details.

WEB SITE

       Visit: http://www.mono-project.com for details

																     Mono(mconfig)