Lucene search

K
mscveMicrosoftMS:CVE-2020-1045
HistorySep 08, 2020 - 7:00 a.m.

Microsoft ASP.NET Core Security Feature Bypass Vulnerability

2020-09-0807:00:00
Microsoft
msrc.microsoft.com
72

0.002 Low

EPSS

Percentile

64.2%

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.

The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.

The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.