CVE-2020-1045

CWE-8078 documents7 sources

Severity

7.5HIGH

EPSS

20.4%

top 4.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Asp.net Core 2.1 Microsoft Asp.net Core 3.1 Microsoft Asp.net Core +5 more

Timeline

PublishedSep 11

Latest updateMay 24

Description

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages16 packages

▶NVDmicrosoft/asp.net_core3.1 — 3.1.8+1

▶NuGetMicrosoft.AspNetCore.App< 2.1.22

▶NuGetMicrosoft.AspNetCore.Http< 2.1.22

▶CVEListV5microsoft/asp.net_core_2.12.0 — publication

▶CVEListV5microsoft/asp.net_core_3.13.0 — publication

Also affects: Fedora 32, 33, Enterprise Linux 8.0, 8.2, 8.4, 8.6

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

Cookie parsing failure↗2022-05-24

▶

OSV

Cookie parsing failure↗2022-05-24

▶

CVEList

Microsoft ASP.NET Core Security Feature Bypass Vulnerability↗2020-09-11

▶

📋Vendor Advisories

Microsoft

Microsoft ASP.NET Core Security Feature Bypass Vulnerability↗2020-09-08

▶

Red Hat

dotnet: ASP.NET cookie prefix spoofing vulnerability↗2020-07-01

▶

💬Community

Bugzilla

CVE-2020-1045 dotnet: ASP.NET cookie prefix spoofing vulnerability↗2020-08-28

▶

Bugzilla

CVE-2018-10916 lftp: particular remote file names may lead to current working directory erased↗2018-07-31

▶