Update to advisory

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Update to advisory

Cantor, Scott E.
I was referred to an alternate mechanism that some ASP.NET applications are
using to access CGI variables that appears to be safer, and unaffected by
the vulnerability. I have updated both the advisory and the wiki topic to
reflect this distinction:

http://shibboleth.internet2.edu/secadv/secadv_20090615.txt

https://spaces.internet2.edu/display/SHIB2/secadv_20090615

Upgrading remains strongly advisable for all IIS sites while assessing the
threat to any specific application.

-- Scott