Microsoft: >> Asp.net Core >> 3.1.0 Security Vulnerabilities
ASP.NET Core and Visual Studio Information Disclosure Vulnerability
CVSS Score
5.5
EPSS Score
0.004
Published
2021-08-12
ASP.NET Core and Visual Studio Denial of Service Vulnerability
CVSS Score
7.5
EPSS Score
0.034
Published
2021-01-12
<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>
<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p>
<p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>
CVSS Score
7.5
EPSS Score
0.197
Published
2020-09-11