Serious ASP.NET Vulnerability，用ASP.NET建站的朋友小心了

来源: BlogBus 原始链接: http://www.blogbus.com:80/blogbus/blog/diary.php?diaryid=431364 存档链接: https://web.archive.org/web/20041103094912id_/http://www.blogbus.com:80/blogbus/blog/diary.php?diaryid=431364

漆黑中我飘过 Endure the hardship, cease the pain <<<MSN Messenger 7 Beta News - no winks, no sign-in | 首页 | 不知为什么这是一个……离别的季节>>> 2004-10-08 Serious ASP.NET Vulnerability，用ASP.NET建站的朋友小心了 Microsoft is currently investigating a reported vulnerability in Microsoft ASP.NET. An attacker can send specially crafted requests to the server and view secured content without providing the proper credentials. This reported vulnerability exists in ASP.NET and does not affect ASP. This issue affects Web content owners who are running any version of ASP.NET on Microsoft Windows 2000, Windows 2000 Server, Windows XP Professional, and Windows Server 2003. The underlying issue is that ASP.NET is failing to perform proper canonicalization of some URLs. Microsoft Knowledge Base (KB) article 887459, "Programmatically Checking for Canonicalization Issues with ASP.NET," describes how to add additional safeguards to an ASP.NET application to help protect against common canonicalization issues, such as those related to this reported vulnerability. evanjr 发表于 2004-10-08 22:29 引用Trackback(0) | 编辑评论发表评论最后更新又是一个月末撬墙角? To do or not? 今天真是累 Mozilla Firefox 1.0 RC1 不知为什么这是一个……离别的季节 Serious ASP.NET Vulnerability，用ASP.NET建站的朋友小心了 MSN Messenger 7 Beta News - no winks, no sign-in News Report from Iraq Spirit.Realm☆ 大学城迄今为止至少发生5件强奸案-_-!!