Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • firepol 125 posts 173 karma points
    Oct 17, 2014 @ 14:30
    firepol
    0

    MS14-059 (October 14th, 2014) MVC Vunlerability 2990942, should we worry?

    Sorry for cross posting this, but should we worry about our umbraco websites, because of this?

    Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)

    I posted the same question in the umbraco blog and in the ASP.NET forum.

    umbraco is using this (affected) dll: System.Web.Mvc.dll

    Umbraco uses UmbracoMembershipProvider for the backend.

    Main question here: can an attacker use this vunlerability to gain access to the umbraco backend?

    Copy Link
  • Jan Skovgaard 11280 posts 23678 karma points MVP 11x admin c-trib
    Oct 17, 2014 @ 18:36
    Jan Skovgaard
    100

    Hi Firepol

    The blogpost from yesterday has been updated with instructions on how to update the affected .dll here http://umbraco.com/follow-us/blog-archive/2014/10/16/getting-a-systemwebhttpapicontroller-error

    So in short, yes do follow the advise from Microsoft and update :)

    Cheers, Jan

    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies