RedirectMode in ASP.NET Security Vulnerability
In Scott Guthries blog on the ASP.NET Security vulnerability noted here he says that for ASP.NET 3.5 SP1+ the following attribute should be set in the custom errors section
redirectMode="ResponseRewrite"
What is the significance of this in relation to the vulnerability and why only 3.5 SP1 and above?
ResponseRedirect gives the attacker information in the form of the time it takes to send the redirect header.
ResponseRewrite does not return a redirect header, so the attacker does not learn this time.
The attacker can use this delay time to find out what kind of error it is; for that reason Scott gives an error.aspx page example with a random delay. If you do not use ResponseRewrite then this delay is pointless.
Why only 3.5 SP1 and above? Because it does not exist in previous versions.
Why only 3.5 SP1 and above? Because the attribute didn't exist before then.
Setting the attribute changes the way in which the error page renders. The default value (ResponseRedirect) causes the server to issue a redirect to the error page. The suggested value of ResponseRewrite causes the response to be written back instead of the requested content, without redirecting the user to a different URI. At least, that's what I understand of it.
The MSDN documentation for the attribute is here...
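To tie both answers together, here is an added example (not code from the question, the answers, or Scott Guthrie's post) showing the weak and corrected customErrors settings side by side, plus a code-behind for the generic error page that adds the random delay the first answer mentions. The file names Web.config and ErrorPage.aspx.cs are assumptions.

```csharp
// Added example; assumed file names: Web.config and ErrorPage.aspx.cs.
//
// Web.config fragment (assumed layout), weak setting beside the corrected one:
//
//   <!-- Weak: redirectMode defaults to ResponseRedirect. The server answers a
//        failed request with a 302 to the error page, so the status code and the
//        time until that redirect header arrives both tell the client that the
//        request failed, and how it failed. -->
//   <customErrors mode="On" defaultRedirect="~/ErrorPage.aspx" />
//
//   <!-- Corrected (attribute exists from ASP.NET 3.5 SP1 on): the error page
//        body is written into the original response and no redirect header is
//        sent, so the delay below actually covers the error response. -->
//   <customErrors mode="On" redirectMode="ResponseRewrite"
//                 defaultRedirect="~/ErrorPage.aspx" />

using System;
using System.Security.Cryptography;
using System.Threading;
using System.Web.UI;

public partial class ErrorPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Sleep a random 0..255 ms before rendering so the time taken to produce
        // the error response does not depend on which error occurred.
        // With ResponseRedirect the 302 has already been sent before this page
        // runs, which is why the delay is pointless without ResponseRewrite.
        byte[] delay = new byte[1];
        RandomNumberGenerator prng = new RNGCryptoServiceProvider();
        prng.GetBytes(delay);

        // RandomNumberGenerator is not IDisposable on every framework version,
        // so dispose through a cast rather than a using block.
        IDisposable disposable = prng as IDisposable;
        if (disposable != null)
        {
            disposable.Dispose();
        }

        Thread.Sleep(delay[0]);
    }
}
```

The same generic page should be used for every error (defaultRedirect only, no per-status pages that would differ in content or size), otherwise the response itself, not just its timing, distinguishes one failure from another.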