ID de Prueba:	1.3.6.1.4.1.25623.1.0.818182
Categoría:	Windows
Título:	.NET Core Denial of Service And Information Disclosure Vulnerabilities - Windows
Resumen:	.NET Core is prone to a denial of service (DoS) and; an information disclosure vulnerability.
Descripción:	Summary: .NET Core is prone to a denial of service (DoS) and an information disclosure vulnerability. Vulnerability Insight: Multiple flaws are due to: - .NET (Core) server applications providing WebSocket endpoints could be tricked into endlessly looping while trying to read a single WebSocket frame. - A JWT token is logged if it cannot be parsed. Vulnerability Impact: Successful exploitation will allow an attacker to disclose sensitive information and also cause a denial of service condition. Affected Software/OS: .NET Core runtime 5.0 before 5.0.9, 3.1 before 3.1.18, and 2.1 before 2.1.29 and .NET Core SDK 5.0 before 5.0.206, 3.1 before 3.1.118, and 2.1 before 2.1.525. Solution: Upgrade .NET Core runtimes to versions 5.0.9 or 3.1.18 or 2.1.29 or later or upgrade .NET Core SDK to versions 5.0.206 or 5.0.303 or 3.1.118 or 3.1.412 or 2.1.525 or 2.1.817 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-26423 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423 Common Vulnerability Exposure (CVE) ID: CVE-2021-34532 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.