
You may receive error messages when you browse or try to debug an ASP.NET application after you install security update 887219 (MS05-004)

SUMMARY
After you install security update MS05-004, and then you browse or try to debug some ASP.NET applications, you may experience errors. This article describes the different error messages that you may receive. It also provides resolutions for these problems.
SYMPTOMS
After you install security update MS05-004, and then you browse or try to debug a Microsoft ASP.NET application where the URL contains a trailing backslash (\), you may receive one of the following error messages:
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.

Error while trying to run project: Unable to start debugging on the web server. Could not start ASP.NET or ATL Server Debugging. Verify that the ASP.NET or ATL server is currently installed on the server.
CAUSE
The problem occurs if the URL that is specified in the Microsoft Internet Information Services (IIS) metabase contains a trailing backslash.
RESOLUTION
To resolve this problem, remove the trailing backslash in the IIS metabase for the URL that is specified for the affected Web application. To do this, use one of the following methods.

Method 1: Use IIS Manager

  1. Click Start, click Run, type cmd, and then click OK.
  2. Locate the %systemroot%\system32\inetsrv directory.
  3. At the command prompt, type inetmgr to open IIS Manager.
  4. Right-click the Web site for the URL that you want to change, and then click Properties.
  5. If the affected application is a virtual directory under the Web site, click the Directory tab, and then remove the trailing backslash from the path that is specified in the Local path text box.

    If the affected application is in the root directory of the Web site, click the Home Directory tab, and then remove the trailing backslash from the path that is specified in the Local path text box.
  6. Click Apply, and then click OK.

Method 2: Use a .vbs script

  1. Use the following code sample to create a .vbs script:

    Option Explicit

    Dim objWebService, objWebSite
    Dim objSite, objArgs, strServer
    Dim WshNetwork

    ' Target server: the first argument, or the local computer if none is given.
    Set objArgs = WScript.Arguments
    If objArgs.Length = 1 Then
        strServer = objArgs(0)
    ElseIf objArgs.Length = 0 Then
        Set WshNetwork = CreateObject("WScript.Network")
        strServer = WshNetwork.ComputerName
    Else
        WScript.Echo "Usage: CScript ModifyVDir.vbs [servername]"
        WScript.Quit
    End If

    WScript.Echo "Connecting to " & strServer
    Set objWebService = GetObject("IIS://" & strServer & "/W3SVC")

    ' Walk every Web site (IIsWebServer) under the W3SVC service.
    For Each objWebSite in objWebService
        Set objSite = GetObject(objWebSite.AdsPath)
        If objSite.Class = "IIsWebServer" Then
            WScript.Echo objSite.AdsPath
            EnumVDir objSite, 1
        End If
    Next

    WScript.Echo "Done processing."

    ' Recursively visit virtual directories and remove a trailing backslash
    ' from Path. Drive roots such as C:\ are left unchanged.
    Sub EnumVDir(objVDir, i)
        Dim objSubVDir, objDir
        Dim strNewPath

        For Each objSubVDir in objVDir
            If objSubVDir.Class = "IIsWebVirtualDir" Then
                Set objDir = GetObject(objSubVDir.AdsPath)

                If ((Right(objDir.Path, 1) = "\") and (Right(objDir.Path, 2) <> ":\")) Then
                    WScript.Echo Space(i*3) & objDir.AdsPath
                    WScript.Echo Space(i*3) & "Path = " & objDir.Path
                    strNewPath = Left(objDir.Path, Len(objDir.Path) - 1)
                    WScript.Echo Space(i*3) & "New Path = " & strNewPath

                    ' Write the corrected path back to the metabase.
                    objDir.Put "Path", strNewPath
                    objDir.SetInfo
                End If

                EnumVDir objDir, i + 1
            End If
        Next
    End Sub
  2. Run the .vbs script from the command line. To do this, follow these steps:
    1. Click Start, click Run, type cmd, and then click OK.
    2. At the command prompt, type cscript [file_name.vbs].

      Note: file_name is a placeholder for the name of your .vbs script.
    3. To close the command prompt, type exit.
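
Before changing the metabase, it can help to see which entries would be affected. The following read-only audit is an added example, not part of the original article: it lists every IIsWebVirtualDir entry whose Path fails the same trailing-backslash test that the .vbs script uses. It assumes an IIS 6.0 style MetaBase.xml export in which IIsWebVirtualDir elements carry Location and Path attributes; the sample data is constructed, and the names needs_fix and audit are hypothetical.

```python
"""Read-only audit: which metabase Path values end in a stray backslash?"""
import xml.etree.ElementTree as ET

# Constructed sample in the style of an IIS 6.0 MetaBase.xml export.
# Assumption: IIsWebVirtualDir elements carry Location and Path attributes.
SAMPLE_METABASE = r"""<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
  <MBProperty>
    <IIsWebServer Location="/LM/W3SVC/1" ServerComment="Default Web Site"/>
    <IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT" Path="C:\Inetpub\wwwroot\"/>
    <IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/Shop" Path="D:\Apps\Shop"/>
    <IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/Data" Path="E:\"/>
    <IIsWebVirtualDir Location="/LM/W3SVC/2/ROOT" Path="\\fs01\web\site2\"/>
  </MBProperty>
</configuration>"""


def needs_fix(path):
    """Same test as the .vbs script: trailing backslash, but not a drive root."""
    return path.endswith("\\") and not path.endswith(":\\")


def audit(xml_text):
    """Return (location, current_path, proposed_path) for each flagged entry."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Compare on the local tag name so any XML namespace is ignored.
        if elem.tag.rsplit("}", 1)[-1] != "IIsWebVirtualDir":
            continue
        path = elem.get("Path", "")
        if needs_fix(path):
            # Propose removing exactly one backslash, as the script does.
            findings.append((elem.get("Location"), path, path[:-1]))
    return findings


if __name__ == "__main__":
    for location, current, proposed in audit(SAMPLE_METABASE):
        print(f"{location}: {current!r} -> {proposed!r}")
```

A Path that ends in more than one backslash still ends in a backslash after one pass, both here and in the .vbs script, so run the audit again after you apply the fix.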
MORE INFORMATION
After you apply this security update, ASP.NET performs stricter checks for the validity both of physical paths and of requested virtual paths.
REFERENCES
For additional information about the MS05-004 security update, click the following article number to view the article in the Microsoft Knowledge Base:
887219 MS05-004: ASP.NET path validation vulnerability could allow unauthorized access
Properties

Article ID: 894670 - Last Review: 12/03/2007 18:42:17 - Revision: 2.7

Microsoft ASP.NET 1.1, Microsoft ASP.NET 1.0, Microsoft .NET Framework 1.0, Microsoft .NET Framework 1.0 Service Pack 1, Microsoft .NET Framework 1.0 Service Pack 2, Microsoft .NET Framework 1.0 Service Pack 3, Microsoft .NET Framework 1.1, Microsoft .NET Framework 1.1 Service Pack 1
