Hi, I am running Mono 2.10.2 (installed from the current RPMs) and an ASP.NET 4.0 MVC 2 web app. I have a few excpetions in my Apache error log as a result of some recent vulnerability scans against my web server. The HTTP response code returned is a 500, with a stacktrace dumped in the error log. However when I test the same invalid path on my windows dev machine (running the Microsoft .NET framework) I get a 400 - Not Found which is what I'd expect. Here is a snippet from my web server log;
error_log: System.Web.HttpException: '/w00tw00t.at.blackhats.romanian.anti-sec:)' is not a valid virtual path. at System.Web.HttpRequest.MapPath (System.String virtualPath, System.String baseVirtualDir, Boolean allowCrossAppMapping) [0x00000] in <filename unknown>:0 at System.Web.HttpRequest.MapPath (System.String virtualPath) [0x00000] in <filename unknown>:0 at System.Web.Configuration.WebConfigurationManager.MapPath (System.Web.HttpRequest req, System.String virtualPath) [0x00000] in <filename unknown>:0 at System.Web.Configuration.WebConfigurationManager.FindWebConfig (System.String path, System.Boolean& inAnotherApp) [0x00000] in <filename unknown>:0 at System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration (System.String path, System.String site, System.String locationSubPath, System.String server, System.String userName, System.String password, Boolean fweb) [0x00000] in <filename unknown>:0 at System.Web.Configuration.WebConfigurationManager.GetSection (System.String sectionName, System.String path, System.Web.HttpContext context) [0x00000] in <filename unknown>:0 at System.Web.Configuration.WebConfigurationManager.GetSection (System.String sectionName) [0x00000] in <filename unknown>:0 at Mono.WebServer.BaseApplicationHost.LocateHandler (System.String verb, System.String uri) [0x00000] in <filename unknown>:0 at Mono.WebServer.BaseApplicationHost.IsHttpHandler (System.String verb, System.String uri) [0x00000] in <filename unknown>:0 at Mono.WebServer.Paths.VirtualPathExists (IApplicationHost appHost, System.String verb, System.String uri) [0x00000] in <filename unknown>:0 at Mono.WebServer.Paths.GetPathsFromUri (IApplicationHost appHost, System.String verb, System.String uri, System.String& realUri, System.String& pathInfo) [0x00000] in <filename unknown>:0 at Mono.WebServer.ModMonoWorkerRequest.GetRequestData () [0x00000] in <filename unknown>:0 at Mono.WebServer.MonoWorkerRequest.ReadRequestData () [0x00000] in <filename unknown>:0 at Mono.WebServer.BaseApplicationHost.ProcessRequest (Mono.WebServer.MonoWorkerRequest mwr) [0x00000] in <filename unknown>:0 at Mono.WebServer.ModMonoApplicationHost.ProcessRequest (Int32 reqId, System.String verb, System.String queryString, System.String path, System.String protocol, System.String localAddress, Int32 serverPort, System.String remoteAddress, Int32 remotePort, System.String remoteName, System.String[] headers, System.String[] headerValues, System.Object worker) [0x00000] in <filename unknown>:0 at (wrapper remoting-invoke-with-check) Mono.WebServer.ModMonoApplicationHost:ProcessRequest (int,string,string,string,string,string,int,string,int,string,string[],string[],object) at Mono.WebServer.ModMonoWorker.InnerRun (System.Object state) [0x00000] in <filename unknown>:0 at Mono.WebServer.ModMonoWorker.Run (System.Object state) [0x00000] in <filename unknown>:0 [error] (70014)End of file found: read_data failed [error] Command stream corrupted, last command was 1 Thanks, James _______________________________________________ Mono-list maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-list
