Re: IE 5.5 Update Q321232 Issue

From: Allen (aca@acadigital.com)
Date: 05/22/02 

From: "Allen" <aca@acadigital.com>
Date: Wed, 22 May 2002 07:54:14 -0700

That was exactly the problem - the host name was "dell_2",
I added an entry into hosts for "dell-2" with the same IP
(it's fixed, not dhcp) and it works fine.

Thank you very much for your suggestion.

Allen

>-----Original Message-----
>Do you use a non-RFC compliant host name for the intranet
site?
>
>The accepted standard format for DNS host names allow for
Alpha
>characters [a-z], numeric characters [0-9], the
period "." and the
>minus sign "-", as specified in RFC 952. Microsoft
systems have
>historically allowed non-RFC compliant host names, most
commonly those
>which use the low line character "_".
>
>Microsoft Internet Explorer (IE) versions, through the
production
>release of 6.0, were forgiving of the non-RFC compliant
host names
>when browsing. When Microsoft released a security patch
for IE 5.5
>and 6.0 in November 2001 to fix a cookie handling
vulnerability
>(MS01-055), they updated their code to only allow RFC
compliant URLs
>when handling cookies. As a result, when non-RFC
compliant URLs try
>to set cookies or use session variables, they are not
returned by the
>browser, causing the web application or page to "break"
or not
>function as intended.
>
>SOLUTION:
>
>Rename the host name to be RFC compliant. If you access
the intranet
>site by it's NetBIOS name, be sure to use only
Alphanumeric
>characters.
>
>References:
>
>RFC 952: DOD INTERNET HOST TABLE SPECIFICATION
>http://www.ietf.org/rfc/rfc952.txt
>
>USENET Message: IE cookies will no longer support RFC non-
compliant
>host names
>http://groups.google.com/groups?
hl=en&selm=uEaL3X48BHA.2304%40tkmsftngp04
>
>MS01-055: Internet Explorer Cookie Data Can Be Exposed or
Altered
>Through Script Injection
>http://support.microsoft.com/default.aspx?scid=kb;en-
us;Q312461
>
>
>
>"Allen" <aca@acadigital.com> wrote in message
news:<5db401c20101$afbe13e0$3aef2ecf@TKMSFTNGXA09>...
>> After installing the new IE patch MS02-023, IE no
longer
>> accepts cookies (neither long or short term) from a
local
>> intranet server. This is making it a little tough to
>> develop ASP. Anyone else having this problem or any
>> suggestions? Resetting cookie policies for intranet
zone
>> or adding the machine name to trusted sites and setting
>> that cookie policy has no effect. Even setting it
>> to "Prompt" for all cookies does nothing.
>>
>> Thanks in advance,
>> Allen
>>
>> OS: Windows 2000, 5.00.2195, Service Pack 2
>> IE: 5.50.4807.2300, 128-bit, SP2, Q319182, Q321232
>.
>

Relevant Pages

  • [Full-disclosure] Browser cookie handling: possible cross-domain cookie sharing
    ... common (I use the trailing dot notation for FQDNs in this mail to keep clear ... the beginning of the hostname visited must in itself be a host or domain ... but also mistakenly for the entire top-level domain ... when the cookie is accepted, ...
    (Full-Disclosure)
  • Re: How to logon and post this to a web form
    ... > to interface with a website. ... > Host: www.betfair.com ... > Connection: Keep-Alive ...
    (microsoft.public.dotnet.languages.vb)
  • Re: setcookie (cant set host only)
    ... any host in the example.com domain can access it. ... the cookie in any way. ... by the 2 versions of the script, also what is returned by $_SERVER ...
    (comp.lang.php)
  • Mozilla cookie stealing - Sandblad advisory #9
    ... Steal/spoof arbitrary cookie in Mozilla ... using the javascript URL. ... Parsing of host and path will stop when a space is found. ...
    (Bugtraq)
  • Re: sygate and shields up
    ... Please first read RFC 792 and try to understand it. ... that a packet to this host cannot be routed (ICMP Destination ... you wanted to communicate with, you get a message: ... > your IP, and anything else your security settings allow, if it wants ...
    (comp.security.firewalls)