Microsoft Probes Flaw in ASP.NET

• From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
• To: nethappenings@xxxxxxxxxxxxx
• Date: Tue, 12 Oct 2004 12:34:18 -0400

**************************************************************
Educational CyberPlayGround http://www.edu-cyberpg.com/
**************************************************************
Net Happenings Mailing List

Net Happenings Service
<http://www.edu-cyberpg.com/Community/Subguidelines.html>

Subscribe | Unsubscribe | Change Email Preferences -
<http://www.edu-cyberpg.com/Community/NetHappenings.html>
**************************************************************
National Children's Folksong Repository www.edu-cyberpg.com
Integrate Literacy, Music, and Technology into the classroom.
**************************************************************

**************************************************************************
ActiveServers, Inc ServerFarm, Co-Location, Point to Point Wireless,
Consulting, and Windows dotnet Servers. Premium Hosting Solutions
on multiple OC-48 redundant connections.
Visit http://activeservers.com
**************************************************************************

>http://www.eweek.com/article2/0,1759,1668443,00.asp
>
>By Simone Kaplan
>October 7, 2004
>
>Microsoft Corp. is investigating a reported security flaw in its
>ASP.NET technology that could allow intruders to access
>password-protected sections of a Web site simply by altering a URL.
>
>The hole involves a glitch in ASP.NET's processing of URLs, a process
>known as canonicalization. According to an advisory posted Tuesday on
>Microsoft's Web site, "an attacker can send specially crafted requests
>to the server and view secured content without providing the proper
>credentials."
>
>ASP.NET, the latest iteration of Microsoft's ASP (Active Server Pages)
>technology, is a Web development platform for building Web-centric
>applications.
<snip>


<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
EDUCATIONAL CYBERPLAYGROUND 
http://www.edu-cyberpg.com

Net Happenings, K12 Newsletters, Network Newsletters
http://www.edu-cyberpg.com/Community/index.html

FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/default.asp

HOT LIST OF SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/default.asp

Educational CyberPlayGround Services
http://www.edu-cyberpg.com/PS/Home_Products.html
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription