asp.net

Microsoft security update MS11-100 limits the maximum number of form keys, files, and JSON members to 1000 in an HTTP request. Because of this change, ASP.NET applications reject requests that have more than 1000 of these elements. HTTP clients that... More...

Severity Rating: Critical Revision Note: V1.1 (December 30, 2011): Added entry to the Update FAQ to address security-related changes to functionality contained in this update and added mitigation for CVE-2011-3414 Summary: This security update resolves one publicly...

Describes an issue related to the security update MS11-100. The security update changes the format of forms authentication tickets in a way that is incompatible with the older version of forms authentication tickets. More...

Security update MS11-100 limits the maximum number of form keys, files, and JSON members to 1000 in a request. Because of this change, ASP.NET applications reject requests that have more than 1000 of these elements. Clients who make these kinds of... More...

Hosts: Jonathan Ness, Security Development Manager, MSRC Pete Voss, Sr. Response Communications Manager, Trustworthy Computing Website: TechNet/Security Chat Topic: December 2011 Out-Of-Band Security Bulletin Release Date...

Resolves a vulnerability in ASP.NET that could allow information disclosure. An attacker that successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. More...

Resolves a vulnerability in ASP.NET that could allow information disclosure. An attacker that successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. More...

This article contains details for the ASP.NET update for the .NET Framework. More...

Resolves a vulnerability in ASP.NET that could allow information disclosure. An attacker that successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. More...

Hello, Today we released Security Update MS11-100 to address the issue described in Security Advisory 2659883. The security update has a severity rating of Critical and resolves a publicly disclosed remote unauthenticated Denial of Service issue in ASP.NET versions 1.1 and above on all supported...

Severity Rating: Critical Revision Note: V1.0 (January 10, 2011): Bulletin published. Summary: This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these...

Hello, Today we’re providing advance notification for an out-of-band security update to address the publicly disclosed issue described in Security Advisory 2659883. The release is scheduled for tomorrow, December 29, at approximately 10 a.m. PST. The bulletin has a severity rating of...

Provides a link to Microsoft Security Advisory (2659883): Vulnerability in ASP.NET Could Allow Denial of Service. Link Removed

Provides a link to Microsoft Security Advisory (2659883): Vulnerability in ASP.NET Could Allow Denial of Service. Link Removed

Revision Note: V1.0 (December 28, 2011): Advisory published. Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit hash tables. Attacks targeting this type of vulnerability are generically known as hash collision attacks. Attacks...

Hello, Today we published Security Advisory 2659883 to provide a workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various Web platforms industry-wide. We are not aware of any attacks using this vulnerability, which affects all supported versions...

Severity Rating: Critical Revision Note: V1.2 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems. Summary: This security update resolves a privately reported vulnerability in Microsoft...

Severity Rating: Critical Revision Note: V3.1 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems. Summary: This security update resolves a privately reported vulnerability in Microsoft...

Revision Note: V2.0 (September 28, 2010): Advisory updated to reflect publication of security bulletin Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-070 to address this issue. For more information about this issue...

Severity Rating: Important Revision Note: V4.1 (April 20, 2011): Corrected registry key verification for Microsoft .NET Framework 3.5 Service Pack 1 when installed on Windows XP and Windows Server 2003. Summary: This security update resolves a publicly disclosed...