Microsoft: >> Asp.net Core >> 2.1.3 Security Vulnerabilities
CVE-2023-38180
.NET and Visual Studio Denial of Service Vulnerability
Known exploited
CVSS Score
7.5
EPSS Score
0.002
Published
2023-08-08
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
CVSS Score
6.2
EPSS Score
0.03
Published
2023-08-08
<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>
<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p>
<p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>
CVSS Score
7.5
EPSS Score
0.142
Published
2020-09-11
A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.
CVSS Score
7.5
EPSS Score
0.129
Published
2018-09-13