ID CVE-2020-1045
Summary A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 02-10-2020 - 03:15)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
bugzilla
id 1873451
title CVE-2020-1045 dotnet: ASP.NET cookie prefix spoofing vulnerability
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment aspnetcore-runtime-3.1 is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699001
        • comment aspnetcore-runtime-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250002
      • AND
        • comment aspnetcore-targeting-pack-3.1 is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699003
        • comment aspnetcore-targeting-pack-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250004
      • AND
        • comment dotnet is earlier than 0:3.1.108-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699005
        • comment dotnet is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191259002
      • AND
        • comment dotnet-apphost-pack-3.1 is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699007
        • comment dotnet-apphost-pack-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250008
      • AND
        • comment dotnet-host is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699009
        • comment dotnet-host is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191259006
      • AND
        • comment dotnet-hostfxr-3.1 is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699011
        • comment dotnet-hostfxr-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250012
      • AND
        • comment dotnet-runtime-3.1 is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699013
        • comment dotnet-runtime-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250014
      • AND
        • comment dotnet-sdk-3.1 is earlier than 0:3.1.108-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699015
        • comment dotnet-sdk-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250016
      • AND
        • comment dotnet-targeting-pack-3.1 is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699017
        • comment dotnet-targeting-pack-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250018
      • AND
        • comment dotnet-templates-3.1 is earlier than 0:3.1.108-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699019
        • comment dotnet-templates-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250020
      • AND
        • comment dotnet3.1-debugsource is earlier than 0:3.1.108-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699021
        • comment dotnet3.1-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250022
      • AND
        • comment netstandard-targeting-pack-2.1 is earlier than 0:3.1.108-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699023
        • comment netstandard-targeting-pack-2.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200130024
rhsa
id RHSA-2020:3699
released 2020-09-08
severity Important
title RHSA-2020:3699: .NET Core 3.1 security and bugfix update (Important)
rpms
  • rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.8-1.el7
  • rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.8-1.el7
  • rh-dotnet31-dotnet-0:3.1.108-1.el7
  • rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.8-1.el7
  • rh-dotnet31-dotnet-debuginfo-0:3.1.108-1.el7
  • rh-dotnet31-dotnet-host-0:3.1.8-1.el7
  • rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.8-1.el7
  • rh-dotnet31-dotnet-runtime-3.1-0:3.1.8-1.el7
  • rh-dotnet31-dotnet-sdk-3.1-0:3.1.108-1.el7
  • rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.8-1.el7
  • rh-dotnet31-dotnet-templates-3.1-0:3.1.108-1.el7
  • rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.108-1.el7
  • aspnetcore-runtime-3.1-0:3.1.8-2.el8_2
  • aspnetcore-targeting-pack-3.1-0:3.1.8-2.el8_2
  • dotnet-0:3.1.108-2.el8_2
  • dotnet-apphost-pack-3.1-0:3.1.8-2.el8_2
  • dotnet-apphost-pack-3.1-debuginfo-0:3.1.8-2.el8_2
  • dotnet-host-0:3.1.8-2.el8_2
  • dotnet-host-debuginfo-0:3.1.8-2.el8_2
  • dotnet-hostfxr-3.1-0:3.1.8-2.el8_2
  • dotnet-hostfxr-3.1-debuginfo-0:3.1.8-2.el8_2
  • dotnet-runtime-3.1-0:3.1.8-2.el8_2
  • dotnet-runtime-3.1-debuginfo-0:3.1.8-2.el8_2
  • dotnet-sdk-3.1-0:3.1.108-2.el8_2
  • dotnet-sdk-3.1-debuginfo-0:3.1.108-2.el8_2
  • dotnet-targeting-pack-3.1-0:3.1.8-2.el8_2
  • dotnet-templates-3.1-0:3.1.108-2.el8_2
  • dotnet3.1-debuginfo-0:3.1.108-2.el8_2
  • dotnet3.1-debugsource-0:3.1.108-2.el8_2
  • netstandard-targeting-pack-2.1-0:3.1.108-2.el8_2
refmap via4
fedora FEDORA-2020-e2deb72e0f
misc https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045
Last major update 02-10-2020 - 03:15
Published 11-09-2020 - 17:15
Last modified 02-10-2020 - 03:15
Back to Top