Server Patch for ASPNET Vulnerability
http://www.microsoft.com/security/incident/aspnet.mspx
This page was updated October 7, 2004, to include information about a newly released mitigation option, an HTTP module installer. This module protects all ASP.NET applications on a Web server against canonicalization problems that are currently known to Microsoft as of the publication date. We will continue to update this page as additional guidance and resources become available.
This fix will protect all ASP.NET sites on a server. Downside is, this is an MSI that needs to be run on your server. If you don't have that level of access to your server, check with your host or network admins to ensure this fix has been applied.
If you find you need to create your own HTTP module, here is code to do so:
http://blogs.sagestone.net/drobbins/archive/2004/10/06/388.aspx