Microsoft: >> Asp.net Core >> 2.1.10 Security Vulnerabilities
CVE-2023-38180
.NET and Visual Studio Denial of Service Vulnerability
Known exploited
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-08
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
CVSS Score
6.2
EPSS Score
0.021
Published
2023-08-08
<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>
<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p>
<p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>
CVSS Score
7.5
EPSS Score
0.138
Published
2020-09-11