posted on Wednesday, March 31, 2004 8:25 PM by stefandemetz

Myth debunking: ASP.NET security -> fewer vulnerabilities than open source PHP (ASP.NET 2 - PHP 27) since the ASP.NET release

ASP.NET vs PHP: ASP.NET is way more secure

From http://www.securityfocus.com/bid/vendor/ (sorry, no direct link to the lists below), as of March 31st, 2004

 

ASP.NET

  2004-03-08:  Multiple Vendor HTTP Response Splitting Vulnerability
  2003-11-14:  Microsoft ASP.NET Request Validation Null Byte Filter Bypass Vulnerability

PHP

  2004-03-24:  PHP openlog() Buffer Overflow Vulnerability
  2003-11-07:  PHP emalloc() Unspecified Integer Overflow Memory Corruption Vulnerability
  2003-11-07:  PHP wordwrap() Heap Corruption Vulnerability
  2003-09-24:  PHP4 Multiple Vulnerabilities
  2003-09-24:  PHP4 Base64_Encode() Integer Overflow Vulnerability
  2003-08-25:  PHP Transparent Session ID Cross Site Scripting Vulnerability
  2003-08-13:  PHP Mail Function ASCII Control Character Header Spoofing Vulnerability
  2003-08-13:  PHP Function CRLF Injection Vulnerability
  2003-08-13:  PHP DLOpen Memory Disclosure Vulnerability
  2003-07-17:  PHP Undefined Safe_Mode_Include_Dir Safemode Bypass Vulnerability
  2003-06-08:  PHP STR_Repeat Boundary Condition Error Vulnerability
  2003-06-08:  PHP array_pad() Integer Overflow Memory Corruption Vulnerability
  2003-06-04:  PHP PHPInfo Cross-Site Scripting Vulnerability
  2003-05-19:  PHP Post File Upload Buffer Overflow Vulnerabilities
  2003-05-07:  PHP SafeMode Arbitrary File Execution Vulnerability
  2003-04-14:  PHP MySQL Safe_Mode Filesystem Circumvention Vulnerability
  2003-03-26:  PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability
  2003-03-26:  PHP socket_recv() Signed Integer Memory Corruption Vulnerability
  2003-03-25:  PHP socket_iovec_alloc() Integer Overflow Vulnerability
  2003-02-19:  PHP CGI SAPI Code Execution Vulnerability
  2003-01-08:  PHP 4.0.3 IMAP Module Buffer Overflow Vulnerability
  2002-09-07:  PHP Header Function Script Injection Vulnerability
  2002-08-08:  PHP HTTP POST Incorrect MIME Header Parsing Vulnerability
  2002-07-22:  PHP Interpreter Direct Invocation Denial Of Service Vulnerability
  2002-04-25:  PHP posix_getpwnam / posix_getpwuid safe_mode Circumvention Vulnerability
  2002-03-21:  PHP Move_Uploaded_File Open_Basedir Circumvention Vulnerability
  2002-02-08:

Some good ASP.NET posts:

http://weblogs.asp.net/jnadal/archive/2004/03/04/83829.aspx
http://weblogs.asp.net/hernandl
http://weblogs.asp.net/vsdata/archive/2004/03/04/83767.aspx
http://weblogs.asp.net/cnagel/archive/2004/03/09/86878.aspx
http://weblogs.asp.net/jezell/archive/2004/03/15/90045.aspx
http://blogs.patchadvisor.com/bryan/archive/2004/02/01/239.aspx

 
