Published: 08/08/2023 Updated: 06/11/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

ASP.NET Elevation of Privilege Vulnerability

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft .net_framework 4.8
microsoft .net_framework 4.6.2
microsoft .net_framework 4.7
microsoft .net_framework 4.7.1
microsoft .net_framework 4.7.2
microsoft .net_framework 3.5
microsoft .net_framework 4.8.1
microsoft .net_framework 2.0

Check Point Reference: CPAI-2023-1120 Date Published: 6 Dec 2023 Severity: High ...

Critical Infrastructure Sectors: Energy, Transportation Systems, Water and Wastewater Systems

CVE-2023-36899漏洞的复现环境和工具，针对ASP.NET框架中的无cookie会话身份验证绕过。

CVE-2023-36899 CVE-2023-36899漏洞的复现环境和工具，针对ASPNET框架中的无cookie会话身份验证绕过。 Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASPNET Framework (CVE-2023-36899) 在现代的Web开发中，尽管cookies是传输会话ID的首选方法，但NET Framework也提供了一种替代方法：直接在URL中编码会话ID�

NVD-CWE-noinfo https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36899 https://nvd.nist.gov https://github.com/midisec/CVE-2023-36899 https://www.cisa.gov/news-events/ics-advisories/icsa-24-102-08

CVE-2023-36899

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect