Larry Kiterling
asked on
Vulnerability ASP .NET MS05-004 Path Validation on 2012 server?
I have a 2012 server and got this back from my vulnreabiliity scanner. I checked the website and its related to 1.0 and 1.1 on 2003 servers. Is this a concern for 2012 servers? I checked the ASP versions and it shows v2.0/v3.0/v3.5/v4/v4.0. Is this a false positive?
Microsoft Security Bulletin MS05-004 # ASP.NET Path Validation
Microsoft Security Bulletin MS05-004 # ASP.NET Path Validation
looks like it could be an issue - https://support.microsoft.com/en-us/kb/887219
ASKER
Does this effect me though? I don't seem to have those versions (1/1.1)
if you're sure you don 't have those versions, then you are safe
Check the registry on the framework versions installed. There should be any 1.1 for false positive and try upgrade the framework to latest.
https://support.microsoft.com/en-sg/kb/318785
Note the use of mbsa to check the patch level of the server will not help in this case and the enterprise scan tool may not necessary run in 2012 but can try though
https://technet.microsoft.com/library/security/ms05-004
https://support.microsoft.com/en-sg/kb/318785
Note the use of mbsa to check the patch level of the server will not help in this case and the enterprise scan tool may not necessary run in 2012 but can try though
https://technet.microsoft.com/library/security/ms05-004
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
bad ass mo f'er