Canonicalization security bug in ASP.NET

As many people know, there has been a lot of talk about a security bug in ASP.NET running on Windows 2000.  Microsoft has just announced information regarding this bug.  Here are some urls that I suggest you look into.

http://support.microsoft.com/?kbid=887459

http://www.microsoft.com/security/incident/aspnet.mspx

http://www.asp.net/Forums/ShowForum.aspx?tabindex=1&ForumID=25

http://www.asp.net/Forums/ShowPost.aspx?tabindex=1&PostID=709506

1 Comment

  • I'm quite amazed by the fact that something so simple only now being discovered. While something that's easy to fix with just a few lines of code, I'm hoping for a hotfix from MS.



    I personally reproduced this very easily on my own box...

Comments have been disabled for this content.