For your AC SEO BLOG and RSS FEED (suggested):
http://weblogs.asp.net/scottgu/archive/ ... ility.aspx
ASP.NET security vulnerability
-
NC Software
- AbleCommerce Partner
- Posts: 4620
- Joined: Mon Sep 13, 2004 6:06 pm
- Contact:
ASP.NET security vulnerability
Neal Culiner
NC Software, Inc.
NC Software, Inc.
-
jmestep
- AbleCommerce Angel
- Posts: 8164
- Joined: Sun Feb 29, 2004 8:04 pm
- Location: Dayton, OH
- Contact:
Re: ASP.NET security vulnerability
Rats! Neal, I thought I beat you to something for a change.
http://www.microsoft.com/technet/securi ... 16728.mspx
http://www.microsoft.com/technet/securi ... 16728.mspx
Judy Estep
Web Developer
jestep@web2market.com
http://www.web2market.com
708-653-3100 x209
New search report plugin for business intelligence:
http://www.web2market.com/Search-Report ... -P154.aspx
Web Developer
jestep@web2market.com
http://www.web2market.com
708-653-3100 x209
New search report plugin for business intelligence:
http://www.web2market.com/Search-Report ... -P154.aspx
-
Logan Rhodehamel
- Developer
- Posts: 4116
- Joined: Wed Dec 10, 2003 5:26 pm
Re: ASP.NET security vulnerability
AC will be OK if you comment out the custom 404 line in our default web.config file. Other than that it's using the same redirect for all errors.
Should become:
At least until Microsoft fixes the problem.
Code: Select all
<customErrors mode="On" defaultRedirect="~/Errors/GeneralError.aspx">
<error statusCode="404" redirect="~/Errors/PageNotFound.aspx" />
</customErrors>Code: Select all
<customErrors mode="On" defaultRedirect="~/Errors/GeneralError.aspx">
<!-- <error statusCode="404" redirect="~/Errors/PageNotFound.aspx" /> -->
</customErrors>Cheers,
Logan
.com
If I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.
Logan
.comIf I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.
Re: ASP.NET security vulnerability
Wow. I just downloaded the latest version of AC. Do I need to worry about this? Do I need to make the code change in my web.config file? I'm still learning web security. Much thanks!
-
NC Software
- AbleCommerce Partner
- Posts: 4620
- Joined: Mon Sep 13, 2004 6:06 pm
- Contact:
Re: ASP.NET security vulnerability
Microsoft is releasing a fix later today (9/28). All should do Windows Updates on your servers, etc. to install this security patch when released by Microsoft.
Neal Culiner
NC Software, Inc.
NC Software, Inc.
-
NC Software
- AbleCommerce Partner
- Posts: 4620
- Joined: Mon Sep 13, 2004 6:06 pm
- Contact:
-
NC Software
- AbleCommerce Partner
- Posts: 4620
- Joined: Mon Sep 13, 2004 6:06 pm
- Contact:
Re: ASP.NET security vulnerability
The security fixes are NOW available via Windows Update. Be sure to update ASAP!
Neal Culiner
NC Software, Inc.
NC Software, Inc.