Description
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.
The ASP.NET Core cookie parser decodes entire cookie strings, which could allow a malicious attacker to set a second cookie with a percent-encoded name.
The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.
A flaw was found in ASP.NET. Certain cookie values are not properly decoded, allowing a remote attacker to bypass the "Cookie Prefixes" security mechanism. The highest threat from this vulnerability is to data integrity.
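The parsing difference described above, as an added example: a simplified C# model written for this page, not ASP.NET Core's actual parser. The `CookiePrefixDemo` class, its `Parse` and `CountHostPrefixed` helpers, the use of the `__Host-` prefix and the sample header are assumptions constructed for illustration.

```csharp
// Added illustration: a simplified model, not ASP.NET Core's parser.
using System;
using System.Collections.Generic;
using System.Linq;

static class CookiePrefixDemo
{
    // Splits a Cookie header into (name, value) pairs.
    // decodeNames = true models the flawed behaviour (whole string decoded);
    // decodeNames = false decodes the value only and keeps the name as sent.
    static List<(string Name, string Value)> Parse(string header, bool decodeNames)
    {
        var cookies = new List<(string Name, string Value)>();
        foreach (var part in header.Split(';'))
        {
            var pair = part.Trim();
            int eq = pair.IndexOf('=');
            if (eq <= 0) continue; // skip empty or nameless segments
            string name = pair.Substring(0, eq);
            string value = Uri.UnescapeDataString(pair.Substring(eq + 1));
            if (decodeNames) name = Uri.UnescapeDataString(name);
            cookies.Add((name, value));
        }
        return cookies;
    }

    // Counts cookies the application would treat as carrying the __Host- prefix.
    static int CountHostPrefixed(IEnumerable<(string Name, string Value)> cookies) =>
        cookies.Count(c => c.Name.StartsWith("__Host-", StringComparison.Ordinal));

    static void Main()
    {
        // Constructed sample header: one genuine prefixed cookie and one whose
        // name is percent-encoded, so the browser never applied the prefix rules.
        const string header = "__Host-session=issued-by-server; %5F%5FHost-session=set-elsewhere";

        foreach (bool decodeNames in new[] { true, false })
        {
            var cookies = Parse(header, decodeNames);
            Console.WriteLine($"decodeNames={decodeNames}: " +
                $"{CountHostPrefixed(cookies)} cookie(s) named with the __Host- prefix");
            foreach (var c in cookies)
                Console.WriteLine($"  {c.Name} = {c.Value}");
        }
    }
}
```

With name decoding enabled, the model reports two cookies carrying the prefixed name; with names left as sent, only the genuine one matches and the encoded name stays distinguishable.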
Report
The "Cookie Prefixes" feature is not used by default in ASP.NET. Successful exploitation likely requires a secondary vulnerability, for example a cross-site scripting issue.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| .NET Core 2.1 on Red Hat Enterprise Linux | rh-dotnet21 | Not affected | | |
| Red Hat Enterprise Linux 8 | dotnet | Not affected | | |
| .NET Core on Red Hat Enterprise Linux | rh-dotnet31-dotnet | Fixed | RHSA-2020:3697 | 08.09.2020 |
| Red Hat Enterprise Linux 8 | dotnet3.1 | Fixed | RHSA-2020:3699 | 08.09.2020 |
Additional information
CVSS3: 7.5 High
Related vulnerabilities
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.
Microsoft ASP.NET Core Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in the way Microsoft ...
ELSA-2020-3699: .NET Core 3.1 security and bugfix update (IMPORTANT)