
October 08, 2004

ASP.NET Canonicalization Security Flaw

A security vulnerability in ASP.NET has been identified that could allow an attacker to gain access to secured content. This issue centers around how ASP.NET locates files based on file names sent as part of a server request. Microsoft has issued a recommendation to add a check for this attack to your Global.asax file.

What is canonicalization?
Canonicalization is the process by which various equivalent forms of a name can be resolved to a single standard name, or the "canonical" name. For example, on a specific computer, the names c:\dir\test.dat, test.dat, and ..\..\test.dat might all refer to the same file. Canonicalization is the process by which such names are mapped to a name that is similar to c:\dir\test.dat.

Microsoft ASP.NET Security Incident

You may be able to safeguard against this by following the MS recommendation here:
Programmatically check for...
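
The following is an added example, not code from the original post or from Microsoft's article, of what a Global.asax check for non-canonical request paths can look like. The class layout, the `IsCanonical` helper name and the choice of a 404 response are assumptions of this example.

```csharp
// Global.asax.cs -- added illustration, not the vendor's published code.
using System;
using System.IO;
using System.Web;

public class Global : HttpApplication
{
    // BeginRequest is the first event in the request pipeline, so this runs
    // before authentication and authorization are evaluated for the URL.
    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        // URL paths use '/' as the separator; a backslash is an alternate
        // spelling that the file system may still resolve to a real file.
        bool hasBackslash = Request.Path.IndexOf('\\') >= 0;

        if (hasBackslash || !IsCanonical(Request.PhysicalPath))
        {
            // Treat the request as if the resource did not exist.
            throw new HttpException(404, "Not found");
        }
    }

    // Hypothetical helper: true only when the mapped physical path is already
    // in the form Path.GetFullPath would produce (no "..", ".", or
    // alternate separators left to resolve).
    private static bool IsCanonical(string physicalPath)
    {
        try
        {
            string full = Path.GetFullPath(physicalPath);
            return string.Equals(full, physicalPath, StringComparison.Ordinal);
        }
        catch (ArgumentException) { return false; }      // illegal characters
        catch (NotSupportedException) { return false; }  // e.g. stray ':' in the path
        catch (PathTooLongException) { return false; }
    }
}
```

The comparison is deliberately case-sensitive and exact: the point is to accept only the one canonical spelling of a path, so any name that needs resolving is rejected rather than normalized and served.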


Posted by 0xFF3300 at October 8, 2004 09:37 AM
