DotNetNuke takes the issue of security very seriously, and makes every possible effort to ensure speedy analysis of reported issues, and where required, provides workarounds and updated application releases to fix them.
We request that all suspected issues and security scan results be emailed to our security alias displayed below or entered through the online form displayed to the right:
security@dotnetnuke.com
Any information submitted to this alias is kept confidential and is only viewed by members of the DotNetNuke Security Task Force, and will not be discussed outside this group without permission from the person/company who submitted the information. Confirmed issues will be assigned a level to indicate their relative severity and potential impact. This information will be made available via the security blog, forum posts, and where judged necessary, an email bulletin.
Bulletin Levels
Critical
A bulletin rated critical is one where a vulnerability can be exploited by a remote attacker to gain access to DotNetNuke data or functionality. A critical vulnerability will have a recommended workaround or fix that should be applied as soon as possible.
Moderate
A moderate bulletin is one where a portal can be compromised, but the compromise requires some dependent actions, e.g. a particular module or a user within a particular role, which is then used to gain access to data or functionality. Issues at this level will often have recommended actions to remove the issue.
Low
All other issues are rated as low. These will contain flaws that are very difficult to exploit, or where an exploit has a limited impact.
Disclosure Policy
When a bulletin is posted, we will provide details of the versions impacted and, unless doing so would give too much information to potential hackers, the attack vector and potential impacts.
DotNetNuke Core Security Blog
This blog carries all security-related posts, including posts on general security matters as well as information on new issues, releases and documentation.
Security Blog
It is a recommended resource to keep up to date on DotNetNuke security information.