Summary: These vulnerabilities affect: All versions of Microsoft's .NET Framework How an attacker exploits it: Multiple ways, including sending specially crafted web requests or enticing users to click maliciously crafted links Impact: Various. In the worst case, an attacker can log in to your web application as another user, without having that user's password What to … [Read more...]
Out-of-Cycle Bulletin Fixes Serious ASP.NET Padding Oracle Vulnerability
Summary: This vulnerability affects: All current versions of Microsoft's .NET Framework How an attacker exploits it: By sending a large number of web requests containing cipher text (and interpreting error responses) Impact: In the worst case, an attacker can gain enough information to read and/or tamper with encrypted data from your web server What to do: … [Read more...]