26 matches found
📄 ASP.net 8.0.10 Core Kestrel HTTP Request Smuggling
This Metasploit auxiliary module targets a critical HTTP request smuggling vulnerability in ASP.NET Core Kestrel caused by improper parsing of malformed chunked transfer encoding notably LF-only line handling and case-variant headers like chUnKEd...
MiracleLinux 9 : dotnet9.0-9.0.111-1.el9_6.ML.1 (AXSA:2025-10978:23)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10978:23 advisory. dotnet: .NET Information Disclosure Vulnerability CVE-2025-55248 dotnet: .NET Security Feature Bypass Vulnerability CVE-2025-55315 dotnet: .NET...
EUVD-2025-55315
Malicious code in communist-jade-coyote npm...
CVE-2025-55315 vulnerabilities
Vulnerabilities for packages: dotnet-bootstrap, dotnet...
Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know
On October 14, 2025, Microsoft released a security update addressingCVE-2025-55315, a vulnerability in ASP.NET Core that allows HTTP request smuggling. While request smuggling is a known technique, this security update addresses a scenario with a high CVSS score to help encourage mitigation actio...
Linux Distros Unpatched Vulnerability : CVE-2025-55315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a...
Amazon Linux 2023 : aspnetcore-runtime-9.0, aspnetcore-runtime-dbg-9.0, aspnetcore-targeting-pack-9.0 (ALAS2023-2025-1231)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1231 advisory. Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally. CVE-2025-55247 Inadequate encryption strength in .NET, .NET...
AlmaLinux 8 : .NET 8.0 (ALSA-2025:18148)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:18148 advisory. dotnet: .NET Information Disclosure Vulnerability CVE-2025-55248 dotnet: .NET Security Feature Bypass Vulnerability CVE-2025-55315 dotnet: .NET Denial of...
AlmaLinux 9 : .NET 8.0 (ALSA-2025:18149)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:18149 advisory. dotnet: .NET Information Disclosure Vulnerability CVE-2025-55248 dotnet: .NET Security Feature Bypass Vulnerability CVE-2025-55315 dotnet: .NET Denial of...
RLSA-2025:18153 Important: .NET 9.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime...
.NET 8.0 security update
An update is available for dotnet8.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...
.NET 9.0 security update
An update is available for dotnet9.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...
.NET 9.0 security update
An update is available for dotnet9.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...
SUSE CVE-2025-55315
unknown...
CVE-2025-55315 vulnerabilities
Vulnerabilities for packages: dotnet, dotnet-bootstrap, azure-functions-extension-bundles...
RHEL 9 : .NET 8.0 (RHSA-2025:18256)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18256 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
RHEL 9 : .NET 9.0 (RHSA-2025:18151)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18151 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
GHSA-5RRX-JJJQ-Q2R5 Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunke...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunke...