Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS) - Microsoft

Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure -

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Windows & DOS: Issues & Discussions Security Advisories (RSS) - Microsoft Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure -
# 1  
Old 09-24-2010
Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure -
Revision Note: V1.2 (September 24, 2010): Added an entry to the FAQ to announce a revision to the workaround, "Enable a UrlScan or Request Filtering rule, enable ASP.NET custom errors, and map all error codes to the same error page." Customers who have already applied the workaround should reapply all listed steps. Advisory Summary:Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. Microsoft is aware of limited, active attacks at this time.

More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

asp-perl

ASP-PERL(1p)						User Contributed Perl Documentation					      ASP-PERL(1p)

NAME

       asp-perl - Apache::ASP CGI and command line script processor

SYNOPSIS

       asp-perl [-hsdb] [-f asp.conf] [-o directory] file1 @arguments file2 @arguments ...

	   -h  Help you are getting now!
	   -f  Specify an alternate configuration file other than ./asp.conf
	   -s  Setup $Session and $Application state for script.
	   -d  Set to debug code upon errors.
	   -b  Only return body of document, no headers.
	   -o  Output directory, writes to files there instead of STDOUT
	   -p  GlobalPackage config, what perl package are the scripts compiled in.

DESCRIPTION

       This program will run Apache::ASP scripts from the command line.  Each file that is specified will be run, and the $Request->QueryString()
       and $Request->Form() data will be initialized by the @arguments following the script file name.

       The @arguments will be written as space separated words, and will be initialized as an associate array where %arguments = @arguments.  As
       an example:

	asp-perl file.asp key1 value1 key2 value2

       would be similar to calling the file.asp in a web environment like

	/file.asp?key1=value1&key2=value2

       The asp.conf script will be read from the current directory for parameters that would be set with PerlSetVar normally under mod_perl.  For
       more information on how to configure the asp.conf file, please see < http://www.apache-asp.org/cgi.html >

SEE ALSO

       perldoc Apache::ASP, and also http://www.apache-asp.org

COPYRIGHT

       Copyright 1998-2004 Joshua Chamas, Chamas Enterprises Inc.

       This program is distributed under the GPL.  Please see the LICENSE file in the Apache::ASP distribution for more information.

perl v5.14.2							    2011-08-15							      ASP-PERL(1p)