Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure

News

Extraordinary Robot
Robot
Joined
Jun 27, 2006
Messages
23,048
Revision Note: V1.2 (September 24, 2010): Added an entry to the FAQ to announce a revision to the workaround, "Enable a UrlScan or Request Filtering rule, enable ASP.NET custom errors, and map all error codes to the same error page." Customers who have already applied the workaround should reapply all listed steps.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-070 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-070. The vulnerability addressed is the ASP.NET Padding Oracle Vulnerability - CVE-2010-3332.

Link Removed due to 404 Error
 


Back
Top