16 matches found
📄 ASP.net 8.0.10 Core Kestrel HTTP Request Smuggling
This Metasploit auxiliary module targets a critical HTTP request smuggling vulnerability in ASP.NET Core Kestrel caused by improper parsing of malformed chunked transfer encoding notably LF-only line handling and case-variant headers like chUnKEd...
MiracleLinux 9 : dotnet9.0-9.0.111-1.el9_6.ML.1 (AXSA:2025-10978:23)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10978:23 advisory. dotnet: .NET Information Disclosure Vulnerability CVE-2025-55248 dotnet: .NET Security Feature Bypass Vulnerability CVE-2025-55315 dotnet: .NET...
Linux Distros Unpatched Vulnerability : CVE-2025-55315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a...
Amazon Linux 2023 : aspnetcore-runtime-9.0, aspnetcore-runtime-dbg-9.0, aspnetcore-targeting-pack-9.0 (ALAS2023-2025-1231)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1231 advisory. Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally. CVE-2025-55247 Inadequate encryption strength in .NET, .NET...
AlmaLinux 9 : .NET 8.0 (ALSA-2025:18149)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:18149 advisory. dotnet: .NET Information Disclosure Vulnerability CVE-2025-55248 dotnet: .NET Security Feature Bypass Vulnerability CVE-2025-55315 dotnet: .NET Denial of...
AlmaLinux 8 : .NET 8.0 (ALSA-2025:18148)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:18148 advisory. dotnet: .NET Information Disclosure Vulnerability CVE-2025-55248 dotnet: .NET Security Feature Bypass Vulnerability CVE-2025-55315 dotnet: .NET Denial of...
.NET 9.0 security update
An update is available for dotnet9.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...
RLSA-2025:18153 Important: .NET 9.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime...
RHEL 9 : .NET 8.0 (RHSA-2025:18256)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18256 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunke...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunke...
GHSA-5RRX-JJJQ-Q2R5 Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also...
CVE-2025-55315
Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...
CVE-2025-55315
Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...
CVE-2025-55315 ASP.NET Security Feature Bypass Vulnerability
...
CVE-2025-55315
Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...