Per Nilsson
Jan 18, 2012
  16930
(4 votes)

MS Update MS11-100 breaks sites with more than 1000 parameters

Got a ticket to the support with an error I haven't seen before and found out that the reason is a two weeks old Microsoft hotfix. It might happen to someone else so wanted to write a few rows how to solve it if you run into the problem.

During the holidays MS published the security update MS11-100. This update has been released to fix ASP.NET DoS vulnerability and limits the amount of parameters for a single HTTP POST to 1000. It's probably not that often you use more than 1000 parameters but this is the error you will end up with if you do (the one to look for is ThrowIfMaxHttpCollectionKeysExceeded):

 

Operation is not valid due to the current state of the object.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:
[InvalidOperationException: Operation is not valid due to the current state of the object.]
System.Web.HttpValueCollection.ThrowIfMaxHttpCollectionKeysExceeded() +2692302
System.Web.HttpValueCollection.FillFromEncodedBytes(Byte[] bytes, Encoding encoding) +61
System.Web.HttpRequest.FillInFormCollection() +148

[HttpException (0x80004005): The URL-encoded form data is not valid.]
System.Web.HttpRequest.FillInFormCollection() +206
System.Web.HttpRequest.get_Form() +68
System.Web.HttpRequest.get_HasForm() +8735447
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) +97
System.Web.UI.Page.DeterminePostBackMode() +63
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +133

 

Solution:
When they added the limitation of parameters they also added the possiblilty to override the default value by a new setting in web.config. Can also mention that it’s not possible to apply different values at different locations. 

Add the following setting to web.config with a value larger than 1000 (default):

<appSettings>
   <add key="aspnet:MaxHttpCollectionKeys" value="some number here"/>
</appSettings>

The above setting should fix the problem.

 

Links:
Info about the hotfix and people getting the error in the discussion following the article:
http://weblogs.asp.net/scottgu/archive/2011/12/28/asp-net-security-update-shipping-thursday-dec-29th.aspx

The same error discussed in a forum
http://forums.asp.net/t/1754522.aspx/1?New+Net+2+0+Bug+From+Windows+Update+

Jan 18, 2012

Comments

Please login to comment.
Latest blogs
AI-Assistant: The 'Change Tone' Shortcut

The AI-Assistant for Optimizely is constantly evolving, adjusting, and transforming to meet your digital needs, providing a cutting-edge advantage...

Luc Gosso (MVP) | Sep 27, 2023 | Syndicated blog

How to fix scheduled job 'Remove Abandoned BLOBs' if it keeps failing

Optimizely inlcudes a job named 'Remove Abandoned BLOBs'. This post will help you fix it if it's no longer working.

Henning Sjørbotten | Sep 26, 2023 | Syndicated blog

Optimizely Web Experimentation Metrics

Within the domain of Optimizely Web Experimentation Metrics, the emphasis is on objective key performance indicators (KPIs) selected to assess an...

Matthew Dunn | Sep 23, 2023 | Syndicated blog

Optimizely For you Intranet

Having been at Optimizely and in the CMS industry for nearly 16 years I have seen clients’ intranet requirements go from a simple site just to hous...

Robert Folan | Sep 22, 2023

Vulnerability in EPiServer.GoogleAnalytics v3 and v4

Introduction A potential security vulnerability was detected for Optimizely Google Analytics addon (including EPiServer.GoogleAnalytics and...

Bien Nguyen | Sep 20, 2023

Overriding Optimizely’s Content Recommendations Block to Implement Custom Recommendations

Introduction The Content Recommendations add-on for Optimizely CMS dynamically recommends content from your site tailored to the interests of each...

abritt | Sep 13, 2023 | Syndicated blog