[Mono-list] Mono ASP.NET MVC Virtual Path Not Found Exception?

James Wright james.wright at jigsawdezign.com
Wed Jun 29 18:34:18 EDT 2011 

   After investigating this some more, the real issue I'm seeing is that 
when requesting a path that contains a colon (:) or star (*)  such as 
"www.example.com/abcd:" then Mono is displaying a full stacktrace and 
version information despite having <customErrors mode="RemoteOnly"/> set 
in the Web.config. When I reproduce with Microsoft .Net it displays the 
usual generic error with no version information as you'd expect.

  Can anyone else confirm this is an issue or suggest a workaround?

Thanks,
James

On 29/06/2011 11:35, James Wright wrote:
>      Further to this, it seems the stacktrace for this error is available
> to remote users, shouldn't that only be visible to local only?
>
>
> Thanks,
> James
>
> On 29/06/2011 11:18, James Wright wrote:
>> Hi,
>>
>>      I am running Mono 2.10.2 (installed from the current RPMs) and an
>> ASP.NET 4.0 MVC 2 web app. I have a few excpetions in my Apache error
>> log as a result of some recent vulnerability scans against my web
>> server. The HTTP response code returned is a 500, with a stacktrace
>> dumped in the error log. However when I test the same invalid path on my
>> windows dev machine (running the Microsoft .NET framework) I get a 400 -
>> Not Found which is what I'd expect. Here is a snippet from my web server
>> log;
>>
>> error_log:
>> System.Web.HttpException: '/w00tw00t.at.blackhats.romanian.anti-sec:)'
>> is not a valid virtual path.
>>      at System.Web.HttpRequest.MapPath (System.String virtualPath,
>> System.String baseVirtualDir, Boolean allowCrossAppMapping) [0x00000] in
>> <filename unknown>:0
>>      at System.Web.HttpRequest.MapPath (System.String virtualPath)
>> [0x00000] in<filename unknown>:0
>>      at System.Web.Configuration.WebConfigurationManager.MapPath
>> (System.Web.HttpRequest req, System.String virtualPath) [0x00000] in
>> <filename unknown>:0
>>      at System.Web.Configuration.WebConfigurationManager.FindWebConfig
>> (System.String path, System.Boolean&   inAnotherApp) [0x00000] in
>> <filename unknown>:0
>>      at
>> System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration
>> (System.String path, System.String site, System.String locationSubPath,
>> System.String server, System.String userName, System.String password,
>> Boolean fweb) [0x00000] in<filename unknown>:0
>>      at System.Web.Configuration.WebConfigurationManager.GetSection
>> (System.String sectionName, System.String path, System.Web.HttpContext
>> context) [0x00000] in<filename unknown>:0
>>      at System.Web.Configuration.WebConfigurationManager.GetSection
>> (System.String sectionName) [0x00000] in<filename unknown>:0
>>      at Mono.WebServer.BaseApplicationHost.LocateHandler (System.String
>> verb, System.String uri) [0x00000] in<filename unknown>:0
>>      at Mono.WebServer.BaseApplicationHost.IsHttpHandler (System.String
>> verb, System.String uri) [0x00000] in<filename unknown>:0
>>      at Mono.WebServer.Paths.VirtualPathExists (IApplicationHost appHost,
>> System.String verb, System.String uri) [0x00000] in<filename unknown>:0
>>      at Mono.WebServer.Paths.GetPathsFromUri (IApplicationHost appHost,
>> System.String verb, System.String uri, System.String&   realUri,
>> System.String&   pathInfo) [0x00000] in<filename unknown>:0
>>      at Mono.WebServer.ModMonoWorkerRequest.GetRequestData () [0x00000] in
>> <filename unknown>:0
>>      at Mono.WebServer.MonoWorkerRequest.ReadRequestData () [0x00000] in
>> <filename unknown>:0
>>      at Mono.WebServer.BaseApplicationHost.ProcessRequest
>> (Mono.WebServer.MonoWorkerRequest mwr) [0x00000] in<filename unknown>:0
>>      at Mono.WebServer.ModMonoApplicationHost.ProcessRequest (Int32 reqId,
>> System.String verb, System.String queryString, System.String path,
>> System.String protocol, System.String localAddress, Int32 serverPort,
>> System.String remoteAddress, Int32 remotePort, System.String remoteName,
>> System.String[] headers, System.String[] headerValues, System.Object
>> worker) [0x00000] in<filename unknown>:0
>>      at (wrapper remoting-invoke-with-check)
>> Mono.WebServer.ModMonoApplicationHost:ProcessRequest
>> (int,string,string,string,string,string,int,string,int,string,string[],string[],object)
>>      at Mono.WebServer.ModMonoWorker.InnerRun (System.Object state)
>> [0x00000] in<filename unknown>:0
>>      at Mono.WebServer.ModMonoWorker.Run (System.Object state) [0x00000]
>> in<filename unknown>:0
>>
>>     [error] (70014)End of file found: read_data failed
>>     [error] Command stream corrupted, last command was 1
>>
>>
>> Thanks,
>> James
>>
>>
>>
>> _______________________________________________
>> Mono-list maillist  -  Mono-list at lists.ximian.com
>> http://lists.ximian.com/mailman/listinfo/mono-list
> _______________________________________________
> Mono-list maillist  -  Mono-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list

More information about the Mono-list mailing list