vulnerability

ASP.NET Serialization - Unencrypted binary data (Binary Formatter)

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: Jan 1, 2017
Added: Jun 27, 2018
Modified: Jun 27, 2018

Description

ASP.NET serialization is the technique an ASP.NET Web page uses to persist changes to the state of a binary object. By default, the binary data is only base64-encoded, not encrypted.

Serialized data can potentially be intercepted and read by malicious users. Furthermore, in some cases controls might use serialized data for internal processing, so malicious code may be processed on the web server.
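A defender-side check for the condition described above, as an added example that is not part of the original advisory: it flags hidden form fields whose base64 value decodes to a BinaryFormatter stream, recognised by the stream header record defined in MS-NRBF. The field names and the sample HTML are constructed for illustration.

```python
import base64
import binascii
import struct
from html.parser import HTMLParser


def is_binaryformatter_stream(raw: bytes) -> bool:
    """True if raw begins with an MS-NRBF SerializationHeaderRecord:
    record type 0, RootId, HeaderId, MajorVersion 1, MinorVersion 0."""
    if len(raw) < 17 or raw[0] != 0x00:
        return False
    _root_id, _header_id, major, minor = struct.unpack_from("<iiii", raw, 1)
    return major == 1 and minor == 0


class _HiddenFields(HTMLParser):
    """Collects (name, value) for every <input type="hidden">."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.fields.append((a.get("name") or "", a.get("value") or ""))


def find_unencrypted_binary_fields(html: str) -> list:
    """Names of hidden fields carrying readable BinaryFormatter data."""
    parser = _HiddenFields()
    parser.feed(html)
    hits = []
    for name, value in parser.fields:
        try:
            raw = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            continue  # not base64, so not the default encoding
        if is_binaryformatter_stream(raw):
            hits.append(name)
    return hits


# Constructed sample page: one plain BinaryFormatter blob, one opaque blob
# (stands in for encrypted data), one value that is not base64 at all.
_PLAIN = base64.b64encode(struct.pack("<Biiii", 0, 1, -1, 1, 0) + b"\x0b").decode()
_OPAQUE = base64.b64encode(bytes(range(16, 48))).decode()
SAMPLE_HTML = (f'<form><input type="hidden" name="SerializedState" value="{_PLAIN}"/>'
               f'<input type="hidden" name="Token" value="{_OPAQUE}"/>'
               '<input type="hidden" name="Note" value="not base64!"/></form>')

if __name__ == "__main__":
    print(find_unencrypted_binary_fields(SAMPLE_HTML))
```
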

Solution

aspnetserialization-aspnetserialization-r01