Advisory for the ASP.NET Vulnerability

We are basically asking the industry to follow a Coordinated Vulnerability Disclosure and are therefore not in favor of public vulnerability disclosure as it puts the industry unnecessarily at risk.

Recently there was a vulnerability in ASP.NET publically disclosed. We released an advisory and you should look into implementing the suggested workaround: Vulnerability in ASP.NET Could Allow Information Disclosure.

UPDATE: A very good description by our SWI Team: Understanding the ASP.NET Vulnerability

Roger