Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure -

News

Extraordinary Robot
Robot
Joined
Jun 27, 2006
Location
Chicago, IL
Revision Note: V1.1 (September 20, 2010): Revised Executive Summary to communicate that Microsoft is aware of limited, active attacks. Also added additional entries to the Frequently Asked Questions section and additional clarification to the workaround. Advisory Summary:Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. Microsoft is aware of limited, active attacks at this time.

Link Removed due to 404 Error
 
Back
Top Bottom