<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious malicious user to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft asp.net core |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux eus 8.2 |
||
redhat enterprise linux aus 8.2 |
||
redhat enterprise linux tus 8.2 |
||
redhat enterprise linux aus 8.4 |
||
redhat enterprise linux tus 8.4 |
||
redhat enterprise linux eus 8.4 |
||
redhat enterprise linux eus 8.6 |
||
redhat enterprise linux tus 8.6 |
||
redhat enterprise linux aus 8.6 |