Vulnerabilites related to Microsoft - ASP.NET Core 2.1
cve-2021-34532
Vulnerability from cvelistv5
Published
2021-08-12 18:12
Modified
2024-08-04 00:12
Severity ?
EPSS score ?
Summary
ASP.NET Core and Visual Studio Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | ASP.NET Core 2.1 |
Version: 2.0 < 2.1.29 cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:12:50.394Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "ASP.NET Core 2.1", vendor: "Microsoft", versions: [ { lessThan: "2.1.29", status: "affected", version: "2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "ASP.NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "3.1.18", status: "affected", version: "3.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:asp.net_core:5.0:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "ASP.NET Core 5.0", vendor: "Microsoft", versions: [ { lessThan: "5.0.9", status: "affected", version: "5.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "16.4.25", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "16.7.18", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)", vendor: "Microsoft", versions: [ { lessThan: "16.9.10", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9)", vendor: "Microsoft", versions: [ { lessThan: "16.10.5", status: "affected", version: "16.10.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*", ], platforms: [ "Unknown", ], product: "Visual Studio 2019 for Mac version 8.10", vendor: "Microsoft", versions: [ { lessThan: "8.10.7", status: "affected", version: "8.1.0", versionType: "custom", }, ], }, ], datePublic: "2021-08-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "ASP.NET Core and Visual Studio Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T19:54:05.650Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532", }, ], title: "ASP.NET Core and Visual Studio Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-34532", datePublished: "2021-08-12T18:12:05", dateReserved: "2021-06-09T00:00:00", dateUpdated: "2024-08-04T00:12:50.394Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38180
Vulnerability from cvelistv5
Published
2023-08-08 18:52
Modified
2025-02-26 16:45
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | ASP.NET Core 2.1 |
Version: 2.0 < 2.1.40 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-38180", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-24T20:42:20.831219Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-08-09", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-38180", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-26T16:45:17.788Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.113Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: ".NET and Visual Studio Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "ASP.NET Core 2.1", vendor: "Microsoft", versions: [ { lessThan: "2.1.40", status: "affected", version: "2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.21", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.10", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.18", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.10", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.6", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", versionEndExcluding: "2.1.40", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.21", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.10", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.18", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.10", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.6", versionStartIncluding: "17.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: ".NET and Visual Studio Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:15.326Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: ".NET and Visual Studio Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180", }, ], title: ".NET and Visual Studio Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-38180", datePublished: "2023-08-08T18:52:31.790Z", dateReserved: "2023-07-12T23:41:45.867Z", dateUpdated: "2025-02-26T16:45:17.788Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1597
Vulnerability from cvelistv5
Published
2020-08-17 19:13
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.
The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | ASP.NET Core 2.1 |
Version: 2.0 < publication cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:* |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.725Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597", }, { name: "FEDORA-2020-cad5d17c6d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/", }, { name: "FEDORA-2020-9ddf1aa50b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "ASP.NET Core 2.1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "ASP.NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "3.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.0", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-08-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.\nA remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.\nThe update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.\n", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:33:24.159Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597", }, { name: "FEDORA-2020-cad5d17c6d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW4CBI26KSO3PRL3HLVVISXPPOYUHSXO/", }, { name: "FEDORA-2020-9ddf1aa50b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WH5FQ5VT3JGHXFXOETHCTBWJUIAPGHHT/", }, ], title: "ASP.NET Core Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1597", datePublished: "2020-08-17T19:13:53", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.725Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35391
Vulnerability from cvelistv5
Published
2023-08-08 18:52
Modified
2025-01-01 01:59
Severity ?
EPSS score ?
Summary
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Version: 17.2.0 < 17.2.18 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:23:59.717Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35391", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-11T18:55:14.681715Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-11T18:57:48.798Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.18", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.10", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.6", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "ASP.NET Core 2.1", vendor: "Microsoft", versions: [ { lessThan: "2.1.40", status: "affected", version: "2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 6.0", vendor: "Microsoft", versions: [ { lessThan: "6.0.21", status: "affected", version: "6.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: ".NET 7.0", vendor: "Microsoft", versions: [ { lessThan: "7.0.10", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.18", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.10", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.6", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", versionEndExcluding: "2.1.40", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "6.0.21", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", versionEndExcluding: "7.0.10", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:13.738Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391", }, ], title: "ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-35391", datePublished: "2023-08-08T18:52:30.105Z", dateReserved: "2023-06-14T23:09:47.640Z", dateUpdated: "2025-01-01T01:59:13.738Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1045
Vulnerability from cvelistv5
Published
2020-09-11 00:00
Modified
2024-11-18 16:25
Severity ?
EPSS score ?
Summary
<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>
<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p>
<p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | ASP.NET Core 2.1 |
Version: 2.0 < publication cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:* |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.041Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045", }, { name: "FEDORA-2020-e2deb72e0f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/", }, { name: "FEDORA-2020-48fa1ad65c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/", }, { tags: [ "x_transferred", ], url: "https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318", }, { tags: [ "x_transferred", ], url: "https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:3699", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-1045", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-10T18:21:43.315688Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T16:25:38.621Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "ASP.NET Core 2.1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "ASP.NET Core 3.1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "3.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>\n<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p>\n<p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Security Feature Bypass", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:37.415Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045", }, { name: "FEDORA-2020-e2deb72e0f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/", }, { name: "FEDORA-2020-48fa1ad65c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/", }, { url: "https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318", }, { url: "https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600", }, { url: "https://access.redhat.com/errata/RHSA-2020:3699", }, ], title: "Microsoft ASP.NET Core Security Feature Bypass Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1045", datePublished: "2020-09-11T00:00:00", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-11-18T16:25:38.621Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }