NTS Forums

Please login or register.

Login with username, password and session length
 

News:

Welcome to the Newtek Technology Services Forum!


Author Topic: Important: ASP.NET Security Vulnerability  (Read 11099 times)

Offline italait

  • Sr. Member
  • ****
  • Posts: 917
  • Karma: +126/-4
  • My Desktop
    • YouCouldGetMe
Important: ASP.NET Security Vulnerability
« on: September 18, 2010, 06:36:47 AM »
Microsoft released a Security Advisory about a security vulnerability in ASP.NET.  This vulnerability exists in all versions of ASP.NET.

This vulnerability was publically disclosed late Friday at a security conference.  MS recommend that all customers immediately apply a workaround, described here,
to prevent attackers from using this vulnerability against your ASP.NET applications.
Colin

italait...    it takes as long as it takes...
For those who have infinite patience everything happens immediately.

Offline italait

  • Sr. Member
  • ****
  • Posts: 917
  • Karma: +126/-4
  • My Desktop
    • YouCouldGetMe
Re: Important: ASP.NET Security Vulnerability
« Reply #1 on: September 21, 2010, 03:35:04 AM »
Colin

italait...    it takes as long as it takes...
For those who have infinite patience everything happens immediately.

Offline RyanBishop [NTS]

  • Web Hosting
  • Administrator
  • Sr. Member
  • *****
  • Posts: 817
  • Karma: +49/-13
  • Newtek Web Hosting
    • Newtek Web Hosting
Re: Important: ASP.NET Security Vulnerability
« Reply #2 on: September 21, 2010, 10:28:53 AM »
Thanks for posting this information. As soon as the updates are available they will be rolled out to help protect customers that may not know about this vulnerability.

We are going to attempt to send out communications regarding this threat and assist customers to make needed work a rounds.

Offline italait

  • Sr. Member
  • ****
  • Posts: 917
  • Karma: +126/-4
  • My Desktop
    • YouCouldGetMe
Colin

italait...    it takes as long as it takes...
For those who have infinite patience everything happens immediately.

Offline JJ

  • Hosting Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
Re: Important: ASP.NET Security Vulnerability
« Reply #4 on: September 28, 2010, 06:16:20 AM »
I received the security warning but I'm not sure that my site even has ASP.NET. There's an "aspnet_client" folder but all the pages are ColdFusion. I created a simple ASP.NET test page and it didn't work. Is there a way in the WebControlCenter to verify which server-side scripting languages are being used?

jbcampos

  • Guest
Re: Important: ASP.NET Security Vulnerability
« Reply #5 on: September 29, 2010, 05:47:39 PM »
Hi,

The coldfusion plans do run on IIS6/7 servers and would have .net available for it, but you may not necessarily have .net pages in use. I believe as long as they are able to generate .net error messages they would be able to exploit this but if its a coldfusion 8 site you wouldn't need to worry about anything. The patch is going into affect here shortly, in the meantime while we patch the servers we're updating our URLScan and trying to get our IDP systems to detect these types of attacks and block them. Shoot us a ticket or send me a PM if you are concerned about your site.

Offline artbytes

  • Hosting Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
.NET Security Vulnerability - does it effect ASP Classic applications?
« Reply #6 on: October 11, 2010, 06:21:05 PM »
Does this vulnerability present a thread to .asp classic pages, or is it just for asp.net applications?