Need help with vulnerability

Discussion in 'other security issues & news' started by helpmeplz, Jun 7, 2006.

Thread Status:
Not open for further replies.
  1. helpmeplz (Registered Member; joined May 2, 2006; posts: 14)

    I got this vulnerability called ASP.Net Path Validation Vulnerability (887219) while doing an online scan using Trend Micro.

    Here's some of the info it gave me:

    Description:

    A canonicalization vulnerability exists in ASP.NET, which could allow a malicious user to access secure and protected files. The security mechanisms of an ASP.NET Web site can be bypassed to allow the malicious user unauthorized access.

    Workaround Fixes:

    * Apply the mitigation code module discussed in Microsoft Knowledge Base Article 887289. The mitigation code module provides protection on a server-basis.

    * Make the following changes in the GLOBAL.ASAX file in the application root directory for each application on an affected system as an alternative to installing the module on a per-application basis:

    <script runat=server language=cs>
    void Application_BeginRequest(object src, EventArgs e)
    {
        // Return 404 if the URL path contains a backslash or the mapped file path is not canonical.
        if (Request.Path.IndexOf('\\') >= 0 ||
            System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath) {
            throw new HttpException(404, "not found");
        }
    }
    </script>

    * Install and use URLScan to help protect systems against a large number of issues stemming from improperly formed URL requests, including the publicly described issues addressed by this bulletin. Note however that URLScan does not protect your system as comprehensively as either the mitigation code module or the GLOBAL.ASAX script.

    The only problem is that I don't understand half of the stuff it's saying there. o_O
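
Added example, not part of the original post or of the scanner text it quotes: a small C# console program that applies the two conditions from the GLOBAL.ASAX workaround, one at a time, to constructed request paths. WebRoot, MapToPhysical and RejectReason are hypothetical names, the mapping is a simplified stand-in for ASP.NET's own, and Windows path rules are assumed.

```csharp
using System;
using System.IO;

static class PathCheckDemo
{
    // Constructed web root for the demo; not taken from the post.
    const string WebRoot = @"C:\inetpub\wwwroot";

    // Hypothetical stand-in for ASP.NET's virtual-to-physical mapping:
    // append the request path to the root, turning '/' into '\'.
    static string MapToPhysical(string requestPath)
    {
        return WebRoot + requestPath.Replace('/', '\\');
    }

    // The two conditions from the GLOBAL.ASAX workaround, evaluated separately.
    // Returns null when the request would be let through.
    static string RejectReason(string requestPath, string physicalPath)
    {
        if (requestPath.IndexOf('\\') >= 0)
            return "backslash in request path";
        if (Path.GetFullPath(physicalPath) != physicalPath)
            return "physical path is not in canonical form";
        return null;
    }

    static void Main()
    {
        // Constructed request paths, not captured traffic.
        string[] samples =
        {
            "/app/default.aspx",
            "/app/reports\\summary.aspx",
            "/app/reports/../default.aspx",
            "/app/./default.aspx",
        };

        foreach (string requestPath in samples)
        {
            string physicalPath = MapToPhysical(requestPath);
            string reason = RejectReason(requestPath, physicalPath);
            Console.WriteLine("{0,-32} -> {1}", requestPath,
                reason == null ? "allowed" : "404 (" + reason + ")");
            Console.WriteLine("    mapped to {0}", physicalPath);
        }
    }
}
```

In this demo the backslash sample maps to an ordinary-looking physical path, which is why the workaround tests Request.Path for a backslash separately instead of relying on the GetFullPath comparison alone.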
     