Mehul Harry's DevExpress Blog

Mehul Harry is the DevExpress Web Program Manager. Follow him on twitter: @Mehulharry

Update Ajax Control Toolkit to Patch Critical Security Vulnerability

If you are using the ASP.NET AJAX Control Toolkit, you'll want to make sure it's updated to the latest version as it patches a critical security vulnerability.

The "Directory Traversal" vulnerability affects ASP.NET AJAX Control Toolkit versions prior to v15.1.x.

The vulnerability existed before DevExpress took over the ASP.NET AJAX Control Toolkit. DevExpress patched it in our first release of the toolkit, v15.1.

Details

Brian Cardinale, Principal Application Security Consultant, notified us of the vulnerability last year (thanks Brian!). To help you understand the vulnerability, I'll use Brian's excellent description:

There is a File Write Directory Traversal issue inside the AjaxControlToolkit “AjaxFileUpload” control. When uploading a file using this control, the framework should write the file to the environment's “temp” directory. The framework is not validating the “fileid” parameter against modification. This parameter is later used in the creation of the path in the “temp” directory. This parameter can be modified to write to any location on the disk, as long as file system permissions allow. This exploit can lead to Remote Code Execution if an attacker is able to upload an .aspx file into the web directory. - Brian Cardinale

To learn more, check out Brian's blog post on this issue.
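To make the shape of the bug concrete, here is an added example (my own illustration, not code from the AJAX Control Toolkit or from Brian's write-up). It mimics a temp-file path built from a client-supplied "fileid" and shows why a raw concatenation lets "../" sequences walk out of the temp directory, next to a hardened version that only accepts a GUID-shaped id, strips any directory part from the file name, and confirms the resolved path still lies under the temp root. The directory layout, the GUID requirement and the "/var/www/app" target used as a stand-in for the web root are assumptions for the demo; the real control runs on IIS, where the attacker would aim at the site's physical path instead.

```python
"""Illustration of the AjaxFileUpload "fileid" path traversal.

Added example, NOT the toolkit's code. It reproduces the pattern the post
describes (untrusted "fileid" spliced into a path under the temp directory)
and contrasts it with a hardened path builder.
"""
import os
import re
import tempfile

# Assumed layout: uploads are staged under <temp>/_AjaxFileUpload/<fileid>/<name>.
TEMP_ROOT = os.path.join(tempfile.gettempdir(), "_AjaxFileUpload")

# Assumption for the demo: a well-formed id is a GUID and nothing else.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def vulnerable_temp_path(fileid: str, filename: str) -> str:
    """Pre-15.1 style: fileid is trusted and joined straight into the path.
    A fileid such as "../../../../var/www/app" escapes TEMP_ROOT."""
    return os.path.join(TEMP_ROOT, fileid, filename)


def hardened_temp_path(fileid: str, filename: str) -> str:
    """Reject non-GUID ids, drop any client-supplied directory part from the
    file name, and verify the normalized result is still under TEMP_ROOT."""
    if not GUID_RE.match(fileid):
        raise ValueError("fileid is not a GUID")
    # Treat backslashes as separators too: clients may send Windows paths.
    safe_name = os.path.basename(filename.replace("\\", "/"))
    if safe_name in ("", ".", ".."):
        raise ValueError("invalid file name")
    root = os.path.realpath(TEMP_ROOT)
    candidate = os.path.realpath(os.path.join(root, fileid, safe_name))
    # Containment check: the only defence that survives encoding tricks.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes temp directory")
    return candidate


def escapes_temp_root(path: str) -> bool:
    """True when the normalized path lies outside TEMP_ROOT."""
    root = os.path.realpath(TEMP_ROOT)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def rejects(fileid: str, filename: str) -> bool:
    """True when the hardened builder refuses this (fileid, filename) pair."""
    try:
        hardened_temp_path(fileid, filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed attacker input: traversal in fileid, web-shell file name.
    evil_id, evil_name = "../../../../../var/www/app", "shell.aspx"
    print("vulnerable ->", vulnerable_temp_path(evil_id, evil_name),
          "escapes:", escapes_temp_root(vulnerable_temp_path(evil_id, evil_name)))
    print("hardened rejects:", rejects(evil_id, evil_name))
    print("hardened ok    ->",
          hardened_temp_path("3f2504e0-4f89-11d3-9a0c-0305e82c3301", "report.pdf"))
```

The point of `escapes_temp_root` is that a lexical check on the raw string (looking for "..") is not enough on its own; resolving the path and comparing it against the intended root catches the cases a string filter misses.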

Update to v15.1.x (or higher)

To patch this vulnerability, upgrade your ASP.NET AJAX Control Toolkit to v15.1 or later (the latest release is recommended). You can download our installer here:

Or use the NuGet package:

ASP.NET AJAX Control Toolkit NuGet package
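If you maintain several web projects, it helps to find every one still pinned to a pre-15.1 toolkit before upgrading. The script below is an added example (not DevExpress tooling) that walks a source tree, reads each packages.config, and reports projects whose AjaxControlToolkit package version is older than 15.1. The sample packages.config embedded at the bottom is constructed for the demo, and "AjaxControlToolkit" is assumed to be the package id as it appears in packages.config.

```python
"""Inventory check: which projects still reference AjaxControlToolkit < 15.1?

Added example, not DevExpress tooling. Reads NuGet packages.config files.
"""
import os
import xml.etree.ElementTree as ET
from typing import Iterator, Optional, Tuple

PACKAGE_ID = "AjaxControlToolkit"   # assumed package id in packages.config
MIN_FIXED = (15, 1)                 # first release carrying the fix, per the post


def parse_version(text: str) -> Tuple[int, ...]:
    """'15.1.4' -> (15, 1, 4). Stops at the first non-numeric piece so a
    pre-release suffix never breaks the comparison."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def toolkit_version(packages_config_xml: str) -> Optional[str]:
    """Return the AjaxControlToolkit version string, or None if not referenced."""
    root = ET.fromstring(packages_config_xml)
    for pkg in root.iter("package"):
        if pkg.get("id", "").lower() == PACKAGE_ID.lower():
            return pkg.get("version")
    return None


def is_vulnerable(version: str) -> bool:
    """True for any version older than the first fixed release (15.1)."""
    return parse_version(version) < MIN_FIXED


def scan_tree(base_dir: str) -> Iterator[Tuple[str, str]]:
    """Yield (packages.config path, version) for every vulnerable project."""
    for dirpath, _, files in os.walk(base_dir):
        if "packages.config" in files:
            path = os.path.join(dirpath, "packages.config")
            with open(path, encoding="utf-8-sig") as fh:
                ver = toolkit_version(fh.read())
            if ver and is_vulnerable(ver):
                yield path, ver


# Constructed sample: version numbers are illustrative only.
SAMPLE_PACKAGES_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="AjaxControlToolkit" version="7.1213" targetFramework="net45" />
  <package id="Newtonsoft.Json" version="6.0.8" targetFramework="net45" />
</packages>"""


if __name__ == "__main__":
    import sys
    ver = toolkit_version(SAMPLE_PACKAGES_CONFIG)
    print(f"sample config: {ver} vulnerable={is_vulnerable(ver)}")
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"UPGRADE NEEDED: {path} (AjaxControlToolkit {found})")
```

Run it with the root of your solutions directory as the argument. Projects that reference the toolkit through PackageReference in the .csproj rather than packages.config will not be picked up by this check.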

Published Aug 31 2015, 11:15 AM by Mehul Harry

About Mehul Harry (DevExpress)

Mehul Harry is an ASP.NET technical evangelist at Developer Express. You can reach him directly at mharry@DevExpress.com. You can also follow him on Twitter: http://twitter.com/mehulharry