Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure


 
09-24-2010

Revision Note: V1.2 (September 24, 2010): Added an entry to the FAQ to announce a revision to the workaround, "Enable a UrlScan or Request Filtering rule, enable ASP.NET custom errors, and map all error codes to the same error page." Customers who have already applied the workaround should reapply all listed steps.

Advisory Summary: Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. Microsoft is aware of limited, active attacks at this time.
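
The custom-errors part of the workaround named in the revision note can be checked mechanically. The following is an added example, not part of the advisory: a Python audit of a web.config that reports when custom errors are off or when different error codes map to different pages. The sample configurations, the function name `audit_custom_errors`, and the treatment of any mode other than `Off` as enabled are assumptions; the UrlScan or Request Filtering rule is not covered.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config files (not taken from the advisory).
DISTINCT_PAGES = """<configuration><system.web>
  <customErrors mode="On" defaultRedirect="~/error.html">
    <error statusCode="404" redirect="~/notfound.html" />
  </customErrors>
</system.web></configuration>"""

ERRORS_OFF = """<configuration><system.web>
  <customErrors mode="Off" />
</system.web></configuration>"""

UNIFORM = """<configuration><system.web>
  <customErrors mode="On" defaultRedirect="~/error.html">
    <error statusCode="404" redirect="~/error.html" />
  </customErrors>
</system.web></configuration>"""


def audit_custom_errors(web_config_xml):
    """Return findings for one web.config; an empty list means custom errors
    are enabled and every error code maps to the same page."""
    root = ET.fromstring(web_config_xml)
    sections = list(root.iter("customErrors"))
    if not sections:
        return ["no <customErrors> element, so nothing maps errors to one page"]
    findings = []
    for section in sections:
        # Assumption: any mode other than "Off" counts as "enabled".
        mode = section.get("mode", "RemoteOnly")
        shared_page = section.get("defaultRedirect")
        if mode.lower() == "off":
            findings.append("customErrors mode is Off")
        if not shared_page:
            findings.append("no defaultRedirect, so there is no shared error page")
        # A per-status page that differs from the shared one lets a client
        # tell error codes apart again.
        for entry in section.findall("error"):
            if entry.get("redirect") != shared_page:
                findings.append("status %s maps to %s instead of the shared page"
                                % (entry.get("statusCode"), entry.get("redirect")))
    return findings


if __name__ == "__main__":
    for name, xml in [("distinct", DISTINCT_PAGES), ("off", ERRORS_OFF), ("uniform", UNIFORM)]:
        print(name, audit_custom_errors(xml) or "OK")
```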
