Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-55315

Опубликовано: 15 окт. 2025
Источник: redhat
CVSS3: 8.5
EPSS Низкий

Описание

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

A flaw was found in ASP.NET Core’s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended forwarding of request data.

Отчет

The Red Hat Product Security team has assessed this issue as Important. An authorized network attacker can exploit inconsistent HTTP request parsing in ASP.NET Core to bypass security controls (HTTP request smuggling), potentially exposing or enabling unauthorized actions on request data in affected .NET runtimes.

.NET 6.0 for RHEL-8, RHEL-9 and RHIVOS has reached its End of Life as of November 12, 2024, and is no longer supported. No fixes will be provided for this stream. For additional information about lifecycle for .NET on Red Hat Enterprise Linux, please refer to: https://access.redhat.com/support/policy/updates/net-core.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 9dotnet6.0Out of support scope
Red Hat Enterprise Linux 9dotnet7.0Out of support scope
Red Hat Enterprise Linux 10dotnet8.0FixedRHSA-2025:1815215.10.2025
Red Hat Enterprise Linux 10dotnet9.0FixedRHSA-2025:1815315.10.2025
Red Hat Enterprise Linux 10dotnet10.0FixedRHBA-2025:2099311.11.2025
Red Hat Enterprise Linux 8dotnet8.0FixedRHSA-2025:1814815.10.2025
Red Hat Enterprise Linux 8dotnet9.0FixedRHSA-2025:1815015.10.2025
Red Hat Enterprise Linux 9dotnet10.0FixedRHBA-2025:2091611.11.2025
Red Hat Enterprise Linux 9dotnet8.0FixedRHSA-2025:1814915.10.2025
Red Hat Enterprise Linux 9dotnet9.0FixedRHSA-2025:1815115.10.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-444
https://bugzilla.redhat.com/show_bug.cgi?id=2403085dotnet: .NET Security Feature Bypass Vulnerability

EPSS

Процентиль: 43%
0.00205
Низкий

8.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-55315

CVSS3: 9.9
ubuntu
6 месяцев назад

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

nvd логотип

CVE-2025-55315

CVSS3: 9.9
nvd
6 месяцев назад

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

msrc логотип

CVE-2025-55315

CVSS3: 9.9
msrc
6 месяцев назад

ASP.NET Security Feature Bypass Vulnerability

github логотип

GHSA-5rrx-jjjq-q2r5

CVSS3: 9.9
github
6 месяцев назад

Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability

fstec логотип

BDU:2025-13247

CVSS3: 9.9
fstec
6 месяцев назад

Уязвимость программной платформы ASP.NET Core, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю обойти существующие ограничения безопасности

EPSS

Процентиль: 43%
0.00205
Низкий

8.5 High

CVSS3