Update to advisory

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Update to advisory

Cantor, Scott E.
I was referred to an alternate mechanism that some ASP.NET applications are
using to access CGI variables that appears to be safer, and unaffected by
the vulnerability. I have updated both the advisory and the wiki topic to
reflect this distinction:



Upgrading remains strongly advisable for all IIS sites while assessing the
threat to any specific application.

-- Scott