Microsoft ASP.NET 1.x URI Canonicalization Unauthorized Web Access Vulnerability

ID SSV:78361
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


Microsoft ASP.NET is reported prone to a remote information-disclosure vulnerability because the application fails to properly secure documents when handling malformed URI requests. 

An attacker may leverage this issue to bypass authentication required to access files in secured directories.

Mozilla Web Browser based proof of concept:\somefile.aspx 

Microsoft Internet Explorer based proof of concept: