Wednesday, March 31, 2004 - Posts

Myth debunking: ASP.NET security -> less vulnerabilities than open source PHP (ASP.NET 2 - PHP 27) -since ASP.NET release

ASP.NET vs PHP: ASP.NET is way more secure

from http://www.securityfocus.com/bid/vendor/ (sorry, no direct link to below) as of March 31st, 2004

 

ASP.NET

  2004-03-08:  Multiple Vendor HTTP Response Splitting Vulnerability
  2003-11-14:  Microsoft ASP.NET Request Validation Null Byte Filter Bypass Vulnerability

PHP

 2004-03-24:  PHP openlog() Buffer Overflow Vulnerability
  2003-11-07:  PHP emalloc() Unspecified Integer Overflow Memory Corruption Vulnerability
  2003-11-07:  PHP wordwrap() Heap Corruption Vulnerability
  2003-09-24:  PHP4 Multiple Vulnerabilities
  2003-09-24:  PHP4 Base64_Encode() Integer Overflow Vulnerability
  2003-08-25:  PHP Transparent Session ID Cross Site Scripting Vulnerability
  2003-08-13:  PHP Mail Function ASCII Control Character Header Spoofing Vulnerability
  2003-08-13:  PHP Function CRLF Injection Vulnerability
  2003-08-13:  PHP DLOpen Memory Disclosure Vulnerability
  2003-07-17:  PHP Undefined Safe_Mode_Include_Dir Safemode Bypass Vulnerability
  2003-06-08:  PHP STR_Repeat Boundary Condition Error Vulnerability
  2003-06-08:  PHP array_pad() Integer Overflow Memory Corruption Vulnerability
  2003-06-04:  PHP PHPInfo Cross-Site Scripting Vulnerability
  2003-05-19:  PHP Post File Upload Buffer Overflow Vulnerabilities
  2003-05-07:  PHP SafeMode Arbitrary File Execution Vulnerability
  2003-04-14:  PHP MySQL Safe_Mode Filesystem Circumvention Vulnerability
  2003-03-26:  PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability
  2003-03-26:  PHP socket_recv() Signed Integer Memory Corruption Vulnerability
  2003-03-25:  PHP socket_iovec_alloc() Integer Overflow Vulnerability
  2003-02-19:  PHP CGI SAPI Code Execution Vulnerability
  2003-01-08:  PHP 4.0.3 IMAP Module Buffer Overflow Vulnerability
  2002-09-07:  PHP Header Function Script Injection Vulnerability
  2002-08-08:  PHP HTTP POST Incorrect MIME Header Parsing Vulnerability
  2002-07-22:  PHP Interpreter Direct Invocation Denial Of Service Vulnerability
  2002-04-25:  PHP posix_getpwnam / posix_getpwuid safe_mode Circumvention Vulnerability
  2002-03-21:  PHP Move_Uploaded_File Open_Basedir Circumvention Vulnerability
  2002-02-08:

some good ASP.NET posts:

http://weblogs.asp.net/jnadal/archive/2004/03/04/83829.aspx
http://weblogs.asp.net/hernandl
http://weblogs.asp.net/vsdata/archive/2004/03/04/83767.aspx
http://weblogs.asp.net/cnagel/archive/2004/03/09/86878.aspx
http://weblogs.asp.net/jezell/archive/2004/03/15/90045.aspx
http://weblogs.asp.net/jezell/archive/2004/03/15/90045.aspx
http://blogs.patchadvisor.com/bryan/archive/2004/02/01/239.aspx

 

posted Wednesday, March 31, 2004 8:25 PM by stefandemetz with 0 Comments