This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "ASP.NET POET Vulnerability"

From OWASP
Jump to: navigation, search
(Added link to YouTube video)
(Added introductory sentences as a first step towards Dinis' recommended "good/objective description of the problem, good technical desciption of the problem and tons of references")
Line 1: Line 1:
 
__TOC__  
 
__TOC__  
This page contains details about the recently disclosed ASP.NET POET Vulnerability:
+
This page contains details about the ASP.NET POET vulnerability disclosed on 2010-09-17. This vulnerability exists in all versions of ASP.NET (all  versions released through 2010-09-18).  As of 2010-09-20, there is no fix available to resolve the vulnerability; in the meantime, Microsoft strongly urges all ASP.NET deployments [http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx| perform the recommended workaround] to mitigate the vulnerability in the short-term.
  
 
===Advisory===
 
===Advisory===

Revision as of 21:45, 20 September 2010

This page contains details about the ASP.NET POET vulnerability disclosed on 2010-09-17. This vulnerability exists in all versions of ASP.NET (all versions released through 2010-09-18). As of 2010-09-20, there is no fix available to resolve the vulnerability; in the meantime, Microsoft strongly urges all ASP.NET deployments perform the recommended workaround to mitigate the vulnerability in the short-term.

Advisory

Fixes (via web.config change)

Blogs, News, Articles

discussion Threads