Difference between revisions of "ASP.NET POET Vulnerability"

From OWASP
Jump to: navigation, search
(Created page with 'This page contains details about the recently disclosed ASP.NET POET Vulnerability: References: * Microsoft Security Advisory (2416728) : http://www.microsoft.com/technet/securi…')
 
Line 1: Line 1:
 +
__TOC__
 
This page contains details about the recently disclosed ASP.NET POET Vulnerability:
 
This page contains details about the recently disclosed ASP.NET POET Vulnerability:
  
References:
+
===Advisory===
 
* Microsoft Security Advisory (2416728) : http://www.microsoft.com/technet/security/advisory/2416728.mspx
 
* Microsoft Security Advisory (2416728) : http://www.microsoft.com/technet/security/advisory/2416728.mspx
 +
 +
=== Fixes (via web.config change)===
 +
* Important: ASP.NET Security Vulnerability  (ScottGu's blog) http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
 +
* DotNetNuke ASP.NET Security Vulnerability Fix: http://www.subodh.com/Blog/PostID/116/DotNetNuke-ASP-NET-Security-Vulnerability-Fix
 +
 +
===Blogs, News, Articles===
 
* Understanding the ASP.NET Vulnerability: http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
 
* Understanding the ASP.NET Vulnerability: http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
 
* ASP.NET POET Vulnerability - What Else Can I Do?  http://pentonizer.com/general-programming/aspnet-poet-vulnerability-what-else-can-i-do/
 
* ASP.NET POET Vulnerability - What Else Can I Do?  http://pentonizer.com/general-programming/aspnet-poet-vulnerability-what-else-can-i-do/
Line 9: Line 16:
 
* Security researchers 'destroy' Microsoft ASP.NET security http://www.theinquirer.net/inquirer/news/1732956/security-researchers-destroy-microsoft-aspnet-security
 
* Security researchers 'destroy' Microsoft ASP.NET security http://www.theinquirer.net/inquirer/news/1732956/security-researchers-destroy-microsoft-aspnet-security
 
* Argentina joins Axis of Evil with zero day ASP.NET exploit http://www.techeye.net/security/argentina-joins-axis-of-evil-with-zero-day-asp-net-exploit
 
* Argentina joins Axis of Evil with zero day ASP.NET exploit http://www.techeye.net/security/argentina-joins-axis-of-evil-with-zero-day-asp-net-exploit
** discussion Threads
 
** Security researchers 'destroy' Microsoft ASP.NET security  http://news.ycombinator.com/item?id=1701502
 
** Quite serious security hole in ASP.NET discovered: http://www.reddit.com/r/programming/comments/df72k/quite_serious_security_hole_in_aspnet_discovered
 
* Fixes (via web.config change)
 
** DotNetNuke ASP.NET Security Vulnerability Fix: http://www.subodh.com/Blog/PostID/116/DotNetNuke-ASP-NET-Security-Vulnerability-Fix
 
** Important: ASP.NET Security Vulnerability  (ScottGu's blog) http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
 
 
 
 
 
* Padding Oracle Exploit Tool http://netifera.com/research/
 
* Padding Oracle Exploit Tool http://netifera.com/research/
 
* Google Search: http://www.google.co.uk/search?q=ASp.NET+vulnerability
 
* Google Search: http://www.google.co.uk/search?q=ASp.NET+vulnerability
  
 
+
=== discussion Threads===
 
+
* Security researchers 'destroy' Microsoft ASP.NET security  http://news.ycombinator.com/item?id=1701502
 +
* Quite serious security hole in ASP.NET discovered: http://www.reddit.com/r/programming/comments/df72k/quite_serious_security_hole_in_aspnet_discovered
  
 
[[Category:OWASP .NET Project]]
 
[[Category:OWASP .NET Project]]

Revision as of 10:13, 20 September 2010

Contents

This page contains details about the recently disclosed ASP.NET POET Vulnerability:

Advisory

Fixes (via web.config change)

Blogs, News, Articles

discussion Threads