ASP.NET Security Vulnerability --> customErrors 2010-09-18

Discussion in 'Site Programming, Development and Design' started by jdeniz, Sep 20, 2010.

  1. jdeniz

    jdeniz

    jdeniz, Sep 20, 2010
    #1
  2. Ray

    Ray

    I will still need some time to fully diagnose the full impact on this but everything this article says you do to work around the problem is accessible to all customers. Each customer can set their own custom error handling within their own web.config file.
     
    Ray, Sep 20, 2010
    #2
  3. jdeniz

    jdeniz

    Yes. I posted it as an advice for all Winhost customers... and for all Winhost team ;-).

    I just modified the customError section of all my web.config files even when I had the customErrors correctly configured but I had to homogenizes all errors...

    It's pretty scary when a bug like this is found...
     
    Last edited by a moderator: Oct 14, 2015
    jdeniz, Sep 20, 2010
    #3
  4. Michael

    Michael

    Thanks. Everyone should check their configuration for this vulnerability, even if you think it doesn't affect you.
     
    Michael, Sep 20, 2010
    #4

Share This Page