Описание
ASP.NET Core Remote Code Execution Vulnerability
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle client deleted connections.
An attacker who successfully exploited the vulnerability could run arbitrary code in memory on the server. Exploitation of the vulnerability requires that a user perform certain actions during the connection process.
The security update addresses the vulnerability by correcting how ASP.NET Core handles deleted connections.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| ASP.NET Core 2.1 | ||
| ASP.NET Core 3.0 | ||
| ASP.NET Core 3.1 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
Уязвимость программной платформы ASP.NET Core, существующая из-за ошибок обработки объектов в памяти, позволяющая нарушителю выполнить произвольный код
ELSA-2020-0130: .NET Core on Red Hat Enterprise Linux security and bug fix update (CRITICAL)
EPSS