Microsoft Security Advisory (2416728) Vulnerability in ASP.NET Could Allow Information Disclosure - How to handle in Lemoon?

2010-09-23 09:12:40 Christian Rosberg

Hi,

thinking about how to apply changes (or a patch) to a Lemoon installation regarding the recent security issue in the ASP.NET framework (http://www.microsoft.com/technet/security/advisory/2416728.mspx). Haven't found any information about it on your site.

Regards,
Christian Rosberg

Reply Quote

All replies

2010-09-23 09:28:10 Magnus Krona

Until Microsoft releases a patch (this week hopefully), you can change in web.config to provide a single custom error page like:

<customErrors mode="RemoteOnly" defaultRedirect="/Error.aspx"/>

Do not use seperate error page for 404 and 500 which is the default configuration i lemoon 4.

Please see http://stevesmithblog.com/blog/asp-net-custom-errors-security-flaw/ for more information.

Reply Quote

Support

Microsoft Security Advisory (2416728) Vulnerability in ASP.NET Could Allow Information Disclosure - How to handle in Lemoon?

All replies