DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 894670 - Last Review: December 3, 2007 - Revision: 2.7

On This Page

SUMMARY

After you install security update MS05-004, and then you browse or try to debug some ASP.NET applications, you may experience errors. This article describes the different errors messages that you may receive. It also provides resolutions for these problems.

SYMPTOMS

After you install security update MS05-004, and then you browse or try to debug a Microsoft ASP.NET application where the URL contains a trailing backslash (\), you may receive one of the following error messages:
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.

Error while trying to run project: Unable to start debugging on the web server. Could not start ASP.NET or ATL Server Debugging. Verify that the ASP.NET or ATL server is currently installed on the server.

CAUSE

The problem occurs if the URL that is specified in the Microsoft Internet Information Services (IIS) metabase contains a trailing backslash.

RESOLUTION

To resolve this problem, remove the trailing backslash in the IIS metabase for the URL that is specified for the affected Web application. To do this, use one of the following methods.

Method 1: Use IIS Manager

  1. Click Start, click Run, type cmd, and then click OK.
  2. Locate the %systemroot%\system32\inetsrv directory.
  3. At the command prompt, type inetmgr to open IIS Manager.
  4. Right-click the Web site for the URL that you want to change, and then click Properties.
  5. If the affected application is a virtual directory under the Web site, click the Directory tab, and then remove the trailing backslash from the path that is specified in the Local path text box.

    If the affected application is in the root directory of the Web site, click the Home Directory tab, and then remove the trailing backslash from the path that is specified in the Local path text box.
  6. Click Apply, and then click OK.

Method 2: Use a .vbs script

  1. Use the following code sample tp create a .vbs script:
    
    Option Explicit
    
    Dim objWebService, objWebSite
    Dim objSite, objArgs, strServer
    Dim WshNetwork
    
    Set objArgs = WScript.Arguments
    
    If objArgs.Length = 1 Then
    	strServer = objArgs(0)
    ElseIf  objArgs.Length = 0 Then
    	Set WshNetwork = CreateObject("WScript.Network")
    	strServer = WshNetwork.ComputerName
    Else
    	WScript.Echo "Usage: CScript ModifyVDir.vbs [servername]"
    	WScript.Quit
    End If
    WScript.Echo "Connecting to " & strServer
    
    Set objWebService = GetObject("IIS://" & strServer & "/W3SVC")
    
    For Each objWebSite in objWebService
    	Set objSite = GetObject(objWebSite.AdsPath)
    	If objSite.Class = "IIsWebServer" Then
    		WScript.Echo objSite.AdsPath
    		EnumVDir objSite, 1
    	End If
    Next
    
    WScript.Echo "Done processing."
    
    Sub EnumVDir(objVDir, i)
    	Dim objSubVDir, objDir
    	Dim strNewPath
    	
    	For Each objSubVDir in objVDir
    		If objSubVDir.Class = "IIsWebVirtualDir" Then
    			Set objDir = GetObject(objSubVDir.AdsPath)
    			
    			If ((Right(objDir.Path, 1) = "\") and (Right(objDir.Path, 2) <> ":\")) Then
    				WScript.Echo Space(i*3) & objDir.AdsPath
    				WScript.Echo Space(i*3) & "Path = " & objDir.Path
    
    				strNewPath = Left(objDir.Path, Len(objDir.Path) - 1)
    				WScript.Echo Space(i*3) & "New Path = " & strNewPath
    					
    				objDir.Put "Path", strNewPath
    				objDir.SetInfo
    			End If
    			
    			EnumVDir objDir, i + 1
    		End If
    	Next
    End Sub
    
    
  2. Run the .vbs script from the command line. To do this, follow these steps:
    1. Click Start, click Run, type cmd, and then click OK.
    2. At the command prompt, type cscript [file_name.vbs].

      Note file_name is a placeholder for the name of your .vbs script.
    3. To close the command prompt, type exit.

MORE INFORMATION

After you apply this security update, ASP.NET performs stricter checks for the validity both of physical paths and of requested virtual paths.

REFERENCES

For additional information about the MS05-004 security update, click the following article number to view the article in the Microsoft Knowledge Base:
887219  (http://support.microsoft.com/kb/887219/ ) MS05-004: ASP.NET path validation vulnerability could allow unauthorized access

APPLIES TO
  • Microsoft ASP.NET 1.1
  • Microsoft ASP.NET 1.0
  • Microsoft .NET Framework 1.0
  • Microsoft .NET Framework 1.0 Service Pack 1
  • Microsoft .NET Framework 1.0 Service Pack 2
  • Microsoft .NET Framework 1.0 Service Pack 3
  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 1.1 Service Pack 1
Keywords: 
kbhttp404 kbdev kbasp kbtshoot kberrmsg kbprb KB894670
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support