Microsoft ASP.NET contains a canonicalization vulnerability that may allow a remote unauthenticated attacker to gain access to secure contents.
Microsoft ASP.NET is a programming framework for creating web applications. The canonicalization routine used by ASP.NET fails to correctly parse URLs.
Depending on the contents of the web site, an attacker may take a variety of actions. For example, a remote unauthenticated attacker may be able to access secure web site contents by using a specially crafted URL.
Install an update
Install an update, as specified by MS05-004.
This vulnerability was publicly disclosed by Toby Beaumont.
This document was written by Will Dormann.
|Date First Published:||2005-02-09|
|Date Last Updated:||2007-10-16 20:58 UTC|