There is a report on ASP.NET vulnerability and Microsoft is currently investigating on this issue. The issue is that ASP.NET is failing to perform proper canonicalization of some URLs.==========================================================================
What is Canonicalization?
Canonicalization is the process by which various equivalent forms of a name can be resolved to a single standard name, or the "canonical" name. For example, on a specific computer, the names c:\dir\test.dat, test.dat, and ..\..\test.dat might all refer to the same file. Canonicalization is the process by which such names are mapped to a name that is similar to c:\dir\test.dat.
When a URL is received by a Web server, the server maps the request to a file system path that determines the response. The canonicalization routine that is used to map the request must correctly parse the URL to avoid serving or processing unexpected content.
This issue affects Web content owners who are running any version of ASP.NET on Microsoft Windows 2000, Windows 2000 Server, Windows XP Professional, and Windows Server 2003.
To know more about this issue and recommended guidance on best practices visit