Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure -

Discussion in 'Security Alerts' started by News, Sep 17, 2010.

  1. News

    News Extraordinary Robot
    News Feed

    Joined:
    Jun 27, 2006
    Messages:
    26,203
    Likes Received:
    20
    Revision Note: V1.0 (September 17, 2010): Advisory published. Advisory Summary:Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.

    More...
     

Share This Page

Loading...