Microsoft: >> Asp.net Core >> 2.1.3 Security Vulnerabilities
CVE-2023-38180
.NET and Visual Studio Denial of Service Vulnerability
Known exploited
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
CVSS Score
6.2
EPSS Score
0.021
Published
2023-08-08
<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>
<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p>
<p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>
CVSS Score
7.5
EPSS Score
0.138
Published
2020-09-11
A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.
CVSS Score
7.5
EPSS Score
0.076
Published
2018-09-13