Описание
.NET Core Information Disclosure Vulnerability
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect.
An attacker who successfully exploited this vulnerability could use the information to further compromise the web application.
The security update addresses the vulnerability by correcting how .NET Core handles redirects.
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| .NET Core 1.0 | ||
| .NET Core 1.1 | ||
| PowerShell Core 6.0 | ||
| .NET Core 2.1 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.
Уязвимость программного средства .NET Core и расширяемого средства автоматизации PowerShell Core, связанная с ошибками процедуры аутентификации, позволяющая нарушителю раскрыть защищаемую информацию
EPSS