Vulnerability in EPiServer.Forms
Well, they say that a picture says more then a thousand words which applies for this issue, but I'll try to explain as good as I can.
A customer have just installed internet explorer 10 and tries to log into edit mode in Episerver CMS 6 R2 but the page is messed up and in the address field a log of characters have been inserted between the hostname (URI) and the path to edit mode. The page refreshes constantly.
In log4net there are a log of messages, but some messages seem to repeat itself.
1.1.3 Page Initialized
Adding hidden anti-forgery field to response
Attaching anti-forgery to request
User already has anti-forgery cookie set
Page initialized ...
Since the error started to occur in IE 10 (and IE 11) and works in for example chrome it seems to be a problem with newer editons of Internet Explorer.
Anyone else experienced similar problems??
Thank you very much for any clues on this problem!
The error seems to occur on the server or from a computer inside the company only.
I don't experience this error outside from my computer
Disabling protected mode did not help.
Changing to the lowest security level and lowering privacy level did not help eighter.
This cannot be fixed because the browser is not supported.
Answer from Episerver Helpdesk:
Hi Jon Haakon,
Unfortunately IE10 and IE11 are not tested with and therefore not supported browsers for cms6r2.
Supported browsers are:
•Microsoft Internet Explorer 7.0
•Microsoft Internet Explorer 8.0
•Microsoft Internet Explorer 9.0
•Firefox 3.6, 4.0
EPiServer Developer Support
View your Incident online: https://servicedesk.episerver.com/OTWG/Login.aspx?id=1220917&singleton=1&guestlogin_id=10
I see this error in may solutions, I can't understand that Episerver doesn't find a solution on this error.
What is anti- anti-forgery field?
Ref. Log4net error : Adding hidden anti-forgery field to response
We have the same problem with IE 11.
And according to EPiServer
Any of the following is required for edit mode:
Is there a solution for this yet.
See Linus Ekströms comment on :
"Check http://support.microsoft.com/kb/2836939/en-us for the IE11 issue."
thanks Jon Haakon
but this does not work.
"KB2836939v3 does not apply, or is blocked by another condition on your computer."
Have you installed KB2836939v3 on the webserver running the episerver solution?
If you install the latest version of the .NET framework on the server it should work better.
My fault. I should have figured it out. I tried to install on my client because I thought it was a client problem.
We will try to install it in the web server.
I will return with result.
thanks for all help :)