Disclaimer

Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).

Sep 28, 2010

ASP.NET security patch, what's changed

I've snooped around with fiddler to see what changes have been introduced by the patch release today for the ASP.NET framework.

I've seen to notable differences in the behaviour of webresource.axd:

  1. The d parameter is now set to a value much longer than before, it seems it's 50 bytes longer
  2. Tampering with this parameter will not trigger a 500 server error and an entry in the application event log. A regular 404 error is returned to the browser, and nothing is logged in the event log.
My guess is that they have included an integrity check of some kind. Also, they've fixed the problem with error messages distinguishing between the different errors occuring. Now, it's all 404 errors.

Anyhow, it's time to go home from work. Unfortunately, my local time is quite far from PDT. Happy patching!
Posted by at
Labels: ,

7 comments:

  1. chenlina21 April, 2017 04:03

    columbia outlet
    kobe shoes
    michael kors uk
    scarpe hogan
    louis vuitton outlet
    nike roshe run pas cher
    mbt shoes
    pandora jewelry
    canada goose jackets
    louis vuitton handbags
    chenlina20170421

    ReplyDelete
  2. Richard Majece30 May, 2018 15:31

    I like changes if we are talking in general. But I write my academic papers using advices from https://samedaypaper.org/blog/paper-outline and I don't want to change it.

    ReplyDelete
  3. Unknown31 October, 2018 09:48

    surveillancekart security system

    surveillancekart cctv installation services

    cp plus

    Pestveda pest control services

    dezigly

    The feedgasm Latest News And Breaking News

    quicksodes

    latest news in hindi

    ReplyDelete
  4. Anonymous05 March, 2019 21:12

    https://tcswebmail.club

    ReplyDelete
  5. samaher04 April, 2019 15:23



    نقل عفش من جدة الى الطائف
    شركة نقل عفش من المدينة المنورة الى جدة شركة نقل عفش من جدة الى المدينة المنورة

    شركة نقل عفش من الرياض الى الامارات شركات نقل عفش من الرياض الى الامارات
    شركة نقل عفش من الرياض الى الاردن شركات نقل عفش من الرياض الى الاردن

    ________

    ReplyDelete
  6. Anonymous14 May, 2019 14:34

    https://pokesniper.online/tcs-webmail/

    ReplyDelete
  7. Jagna Co Kalani17 May, 2019 09:01

    Network Security Final Year Project Ideas

    Project Centers in Chennai



    JavaScript Training in Chennai
    JavaScript Training in Chennai

    ReplyDelete

Subscribe to: Post Comments (Atom)

Copyright notice

© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.

Read other popular posts