Check the link!
http://www.microsoft.com/security/incident/aspnet.mspx
Printable View
Check the link!
http://www.microsoft.com/security/incident/aspnet.mspx
As usually is the case, they're extremely scarce with info.
It basicly means that if you replace a / (forward slash) with a \ (backslash) in the URL you can circumvent the authentication mechanism.Quote:
Reports have indicated that an attacker could send specially crafted requests to a Web server running ASP.NET applications and bypass forms based authentication or Windows authorization configurations, and potentially view secured content without providing the proper credentials.
NTBugtraq post
(Hope this long url bug is fixed ;) )