Описание
ASP.NET Core Denial of Service Vulnerability
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.
The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.
FAQ
How do I know if my client or server app is vulnerable?
A client or server app is vulnerable if it has a package reference to these versions of Microsoft.AspNetCore.SignalR.Protocols.MessagePack:
- For 2.2.x apps: MessagePack 1.1.0 is vulnerable, and the fix is in 1.1.5
- For 2.1.x apps: MessagePack 1.0.4 (and earlier), and the fix is in 1.0.11
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| ASP.NET Core 2.1 | ||
| ASP.NET Core 2.2 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Связанные уязвимости
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
Уязвимость программной платформы ASP.NET Core, связанная с ошибками обработки запросов, позволяющая нарушителю вызвать отказ в обслуживании
EPSS