% 5c vulnerability in ASP No more reviews We look at the problem under ASP.NET
Microsoft ASP.NET Vulnerability (Updated Oct. 7th)
Microsoft announced a possible vulnerability in (http://www.microsoft.com/security/incident/aspnet.mspx) ASP.NET. There are not much details so far, but it refers to the "canonicalization" functionality and suggest to implement Then Hardening MeasureS Outlined in KB887459 (http://support.microsoft.com/?kbid=887459).
IT APPEARS THAT A Particularly Crafted Request May Confuse ASP.NET and ALLOW Access To OtherWise Protected Directories.
If a web server receives a request for a particular URL (eg _http: // server / somedirectory / filename), the 'somedirectory / filename' part has to be mapped to a particular file located on the server This translation has been the source. Of Many "Directory Traversal" BUGS. The IIS Unicode Exploit Is Probably The Most Famous One.
After ORIGINAL Posting of this Diary, A Few Users Pointed to the Following Articles Which Provide More Details The provided by Microsoft's Advisory: (THANKS to CHAOUKI & DANIEL)
http://www.heise.de/security/news/meldung/51730 (German) http://www.derkeiler.com/mailing-lists/NT-BUGTRAQ/2004-09/0068.html http: // blogs . devleap.com / Rob / Archive / 2004/10/02 / 1803.aspx (Italian) http://www.k-otik.com/news/10052004.aspnetFlaw.php (French)
IT APPEARS THATINE SWITCHING A '/' Or '% 5c', The Canixation Routine Will Be confused. So if the url: http://www.example.com/secure/file.apx Is Password Protected, Urs Will Bypass the Restriction: http://www.example.com/secure/file.apxhtp://www.example.com/secure\file.apx
