Wednesday, February 09, 2005 1:05 AM bart

Important information about ASP.NET Path Validation Vulnerability

Read more on http://support.microsoft.com/kb/886903 and http://www.microsoft.com/technet/security/Bulletin/ms05-004.mspx. It's currently under review at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0847.

The Microsoft .NET forms authentication capability allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash).

Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

Filed under: ,

Comments

No Comments