vulnerability

Oracle Linux: CVE-2020-1045: ELSA-2020-3699: .NET Core 3.1 security and bugfix update (IMPORTANT)

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
2020-07-01
Added
2020-09-12
Modified
2024-12-09

Description

<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>
<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p>
<p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>
A flaw was found in ASP.NET. Certain cookie values are not properly decoded allowing a remote attacker to bypass the "Cookie Prefixes" security mechanism. The highest threat from this vulnerability is to data integrity.

Solution(s)

oracle-linux-upgrade-aspnetcore-runtime-3-1oracle-linux-upgrade-aspnetcore-targeting-pack-3-1oracle-linux-upgrade-dotnetoracle-linux-upgrade-dotnet-apphost-pack-3-1oracle-linux-upgrade-dotnet-hostoracle-linux-upgrade-dotnet-hostfxr-3-1oracle-linux-upgrade-dotnet-runtime-3-1oracle-linux-upgrade-dotnet-sdk-3-1oracle-linux-upgrade-dotnet-targeting-pack-3-1oracle-linux-upgrade-dotnet-templates-3-1oracle-linux-upgrade-netstandard-targeting-pack-2-1

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today