Skip to main content

ASP.NET Security Threat

By Philip Miseldine

I’ve been busy fixing the many applications at University today with this new security threat to ASP.NET applications.

Put simply, its a matter of canonicalization that could allow users to enter password protected areas of your sites by simply altering a URL.

A good how-to guide is available on the Microsoft support site, yet no formal fix has yet been released. You can protect your application however, by dropping 5 lines of code into your global.asax (available on the page)

Also for .NET developers, grab the patch for the GDI+ JPEG buffer overrun bug that has also recently been fixed.

Update: You can now download a patch to update your servers. Thanks to tchansen for the heads up.

Philip is a Computer Science PhD student at Liverpool John Moores University. He's still not mastered guitar tabs, never finished Mario, and needs a haircut. He discusses life at

Integromat Tower Ad