Security Research
cancel
Showing results for 
Search instead for 
Did you mean: 

Re: Analyzing CVE-2015-1635 from cause to cure

SasiSiddharth

Thank you Bart12366 for pointing out this feature. Yes, IIS does allow kernel caching of dynamic files, but only if the files satisfy certain conditions. I have edited the post to reflect this piece of information. I appreciate your contribution and thank you for being an active reader of our blog.

--
Sasi Siddharth
0 Kudos
About the Author

SasiSiddharth

Comments
Bart12366

dynamic file such as .aspx. The attack will only succeed on cacheable static file types such as .html, .htm, .jpeg, etc."

 

is this a true statement? Can you provide a link where it says that dynamic content CANNOT be cached in kernel caching.

 

This seems to indicate that it's possible to cache dynamic content in kernel  caching, albeit with some limitations: http://aspalliance.com/1533_ASPNET_Performance_Tips.7

 

Did this change in newer IIS versions?

SasiSiddharth

Thank you Bart12366 for pointing out this feature. Yes, IIS does allow kernel caching of dynamic files, but only if the files satisfy certain conditions. I have edited the post to reflect this piece of information. I appreciate your contribution and thank you for being an active reader of our blog.

Labels
Events
June 6 - 8, 2017
Las Vegas, Nevada
Discover 2017 Las Vegas
Join us for HPE Discover 2017 in Las Vegas. The event will be held at the Venetian | Palazzo from June 6-8, 2017.
Read more
Each Month in 2017
Online
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all