Описание
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | released | 10.0.100-10.0.0~rc2-0ubuntu1 |
| focal | DNE | |
| jammy | DNE | |
| noble | needs-triage | |
| plucky | needs-triage | |
| questing | released | 10.0.100-10.0.0~rc2-0ubuntu1~25.10.2 |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| focal | DNE | |
| jammy | deferred | |
| noble | DNE | |
| plucky | DNE | |
| questing | DNE | |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| focal | DNE | |
| jammy | ignored | see notes |
| noble | DNE | |
| plucky | DNE | |
| questing | DNE | |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| focal | DNE | |
| jammy | released | 8.0.121-8.0.21-0ubuntu1~22.04.1 |
| noble | released | 8.0.121-8.0.21-0ubuntu1~24.04.1 |
| plucky | released | 8.0.121-8.0.21-0ubuntu1~25.04.1 |
| questing | released | 8.0.121-8.0.21-0ubuntu1~25.10.1 |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| plucky | released | 9.0.111-9.0.10-0ubuntu1~25.04.1 |
| questing | released | 9.0.111-9.0.10-0ubuntu1~25.10.1 |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
EPSS
9.9 Critical
CVSS3
Связанные уязвимости
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability
Уязвимость программной платформы ASP.NET Core, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю обойти существующие ограничения безопасности
ELBA-2025-20993: .NET 10.0 bug fix and enhancement update (IMPORTANT)
EPSS
9.9 Critical
CVSS3