Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS) - Microsoft

Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure -

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Windows & DOS: Issues & Discussions Security Advisories (RSS) - Microsoft Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure -
# 1  
Old 09-21-2010
Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure -
Revision Note: V1.1 (September 20, 2010): Revised Executive Summary to communicate that Microsoft is aware of limited, active attacks. Also added additional entries to the Frequently Asked Questions section and additional clarification to the workaround. Advisory Summary:Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. Microsoft is aware of limited, active attacks at this time.

More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

apache::authcookie::faq

Apache::AuthCookie::FAQ(3pm)				User Contributed Perl Documentation			      Apache::AuthCookie::FAQ(3pm)

NAME

       Apache::AuthCookie::FAQ - Frequently Asked Questions about Apache::AuthCookie.

VERSION

       version 3.18

DESCRIPTION

       This document serves to answer the most frequently asked questions about Apache::AuthCookie.

   How can I protect an entire site (/) with Apache::AuthCookie?
       You have to give an Apache "require" directive that applies to all requests for except for your login handler.  The easiest way to do this
       is to override the auth handlers for your login script. For example, if your login handler is "/LOGIN", then you need to use something like
       the following:

	<Location />
	  AuthType My::AuthCookieHandler
	  AuthName Whatever
	  PerlAuthenHandler My::AuthCookieHandler->authenticate
	  PerlAuthzHandler My::AuthCookieHandler->authorize
	  require valid-user
	</Location>

	<Location /LOGIN>
	  PerlAuthenHandler Apache2::Const::OK
	  PerlAuthzHandler Apache2::Const::OK
	</Location>
	...

NAME

       Apache::AuthCookie::FAQ - Frequently Asked Questions about Apache::AuthCookie.

AUTHOR

	 Michael Schout <mschout@cpan.org>

COPYRIGHT AND LICENSE

       This software is copyright (c) 2000 by Ken Williams.

       This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

BUGS

       Please report any bugs or feature requests to bug-apache-authcookie@rt.cpan.org or through the web interface at:
	http://rt.cpan.org/Public/Dist/Display.html?Name=Apache-AuthCookie

perl v5.12.3							    2011-05-09					      Apache::AuthCookie::FAQ(3pm)