1. CVE-Search
  2. CVE-2020-1045
ID CVE-2020-1045
Summary <p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.19:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.20:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:2.1.21:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:3.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:3.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:3.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:3.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:3.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:asp.net_core:3.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:3.1.7:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_tus:8.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_tus:8.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_aus:8.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_aus:8.6:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 31-12-2023 - 22:15)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
bugzilla
id 1873451
title CVE-2020-1045 dotnet: ASP.NET cookie prefix spoofing vulnerability
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment aspnetcore-runtime-3.1 is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699001
        • comment aspnetcore-runtime-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250002
      • AND
        • comment aspnetcore-targeting-pack-3.1 is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699003
        • comment aspnetcore-targeting-pack-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250004
      • AND
        • comment dotnet is earlier than 0:3.1.108-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699005
        • comment dotnet is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191259002
      • AND
        • comment dotnet-apphost-pack-3.1 is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699007
        • comment dotnet-apphost-pack-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250008
      • AND
        • comment dotnet-host is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699009
        • comment dotnet-host is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191259006
      • AND
        • comment dotnet-hostfxr-3.1 is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699011
        • comment dotnet-hostfxr-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250012
      • AND
        • comment dotnet-runtime-3.1 is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699013
        • comment dotnet-runtime-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250014
      • AND
        • comment dotnet-sdk-3.1 is earlier than 0:3.1.108-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699015
        • comment dotnet-sdk-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250016
      • AND
        • comment dotnet-targeting-pack-3.1 is earlier than 0:3.1.8-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699017
        • comment dotnet-targeting-pack-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250018
      • AND
        • comment dotnet-templates-3.1 is earlier than 0:3.1.108-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699019
        • comment dotnet-templates-3.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250020
      • AND
        • comment dotnet3.1-debugsource is earlier than 0:3.1.108-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699021
        • comment dotnet3.1-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20202250022
      • AND
        • comment netstandard-targeting-pack-2.1 is earlier than 0:3.1.108-2.el8_2
          oval oval:com.redhat.rhsa:tst:20203699023
        • comment netstandard-targeting-pack-2.1 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20200130024
rhsa
id RHSA-2020:3699
released 2020-09-08
severity Important
title RHSA-2020:3699: .NET Core 3.1 security and bugfix update (Important)
rpms
  • rh-dotnet31-aspnetcore-runtime-3.1-0:3.1.8-1.el7
  • rh-dotnet31-aspnetcore-targeting-pack-3.1-0:3.1.8-1.el7
  • rh-dotnet31-dotnet-0:3.1.108-1.el7
  • rh-dotnet31-dotnet-apphost-pack-3.1-0:3.1.8-1.el7
  • rh-dotnet31-dotnet-debuginfo-0:3.1.108-1.el7
  • rh-dotnet31-dotnet-host-0:3.1.8-1.el7
  • rh-dotnet31-dotnet-hostfxr-3.1-0:3.1.8-1.el7
  • rh-dotnet31-dotnet-runtime-3.1-0:3.1.8-1.el7
  • rh-dotnet31-dotnet-sdk-3.1-0:3.1.108-1.el7
  • rh-dotnet31-dotnet-targeting-pack-3.1-0:3.1.8-1.el7
  • rh-dotnet31-dotnet-templates-3.1-0:3.1.108-1.el7
  • rh-dotnet31-netstandard-targeting-pack-2.1-0:3.1.108-1.el7
  • aspnetcore-runtime-3.1-0:3.1.8-2.el8_2
  • aspnetcore-targeting-pack-3.1-0:3.1.8-2.el8_2
  • dotnet-0:3.1.108-2.el8_2
  • dotnet-apphost-pack-3.1-0:3.1.8-2.el8_2
  • dotnet-apphost-pack-3.1-debuginfo-0:3.1.8-2.el8_2
  • dotnet-host-0:3.1.8-2.el8_2
  • dotnet-host-debuginfo-0:3.1.8-2.el8_2
  • dotnet-hostfxr-3.1-0:3.1.8-2.el8_2
  • dotnet-hostfxr-3.1-debuginfo-0:3.1.8-2.el8_2
  • dotnet-runtime-3.1-0:3.1.8-2.el8_2
  • dotnet-runtime-3.1-debuginfo-0:3.1.8-2.el8_2
  • dotnet-sdk-3.1-0:3.1.108-2.el8_2
  • dotnet-sdk-3.1-debuginfo-0:3.1.108-2.el8_2
  • dotnet-targeting-pack-3.1-0:3.1.8-2.el8_2
  • dotnet-templates-3.1-0:3.1.108-2.el8_2
  • dotnet3.1-debuginfo-0:3.1.108-2.el8_2
  • dotnet3.1-debugsource-0:3.1.108-2.el8_2
  • netstandard-targeting-pack-2.1-0:3.1.108-2.el8_2
refmap via4
fedora
  • FEDORA-2020-48fa1ad65c
  • FEDORA-2020-e2deb72e0f
misc https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045
Last major update 31-12-2023 - 22:15
Published 11-09-2020 - 17:15
Last modified 31-12-2023 - 22:15
Back to Top