CVE-2020-1045
Description
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
20.523
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App 2.1.22 | Windows |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.Owin 4.1.1 | Windows |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.Http 2.1.22 | Windows |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.win-arm 3.1.8 | Windows |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-arm 3.1.8 | Windows |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-arm64 3.1.8 | Windows |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-x64 3.1.8 | Windows |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-x64 3.1.8 | Windows |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-x64 3.1.8 | Windows |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x64 3.1.8 | Windows |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x86 3.1.8 | Windows |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 3.1.8 | Windows |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-arm64 3.1.8 | Windows |
| (RHSA-2020:3699) .NET Core 3.1 security and bugfix update aspnetcore-runtime-3.1-3.1.8-2.el8_2.x86_64.rpm | Linux |
| (RHSA-2020:3699) .NET Core 3.1 security and bugfix update aspnetcore-targeting-pack-3.1-3.1.8-2.el8_2.x86_64.rpm | Linux |
| (RHSA-2020:3699) .NET Core 3.1 security and bugfix update dotnet-3.1.108-2.el8_2.x86_64.rpm | Linux |
| (RHSA-2020:3699) .NET Core 3.1 security and bugfix update dotnet-apphost-pack-3.1-3.1.8-2.el8_2.x86_64.rpm | Linux |
| (RHSA-2020:3699) .NET Core 3.1 security and bugfix update dotnet-host-3.1.8-2.el8_2.x86_64.rpm | Linux |
| (RHSA-2020:3699) .NET Core 3.1 security and bugfix update dotnet-hostfxr-3.1-3.1.8-2.el8_2.x86_64.rpm | Linux |
| (RHSA-2020:3699) .NET Core 3.1 security and bugfix update dotnet-runtime-3.1-3.1.8-2.el8_2.x86_64.rpm | Linux |
| (RHSA-2020:3699) .NET Core 3.1 security and bugfix update dotnet-sdk-3.1-3.1.108-2.el8_2.x86_64.rpm | Linux |
| (RHSA-2020:3699) .NET Core 3.1 security and bugfix update dotnet-targeting-pack-3.1-3.1.8-2.el8_2.x86_64.rpm | Linux |
| (RHSA-2020:3699) .NET Core 3.1 security and bugfix update dotnet-templates-3.1-3.1.108-2.el8_2.x86_64.rpm | Linux |
| (RHSA-2020:3699) .NET Core 3.1 security and bugfix update dotnet3.1-debugsource-3.1.108-2.el8_2.x86_64.rpm | Linux |
| (RHSA-2020:3699) .NET Core 3.1 security and bugfix update netstandard-targeting-pack-2.1-3.1.108-2.el8_2.x86_64.rpm | Linux |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App for Linux 2.1.22 | Linux |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.Owin for Linux 4.1.1 | Linux |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.Http for Linux 2.1.22 | Linux |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.win-arm for Linux 3.1.8 | Linux |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-arm for Linux 3.1.8 | Linux |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-arm64 for Linux 3.1.8 | Linux |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-x64 for Linux 3.1.8 | Linux |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-x64 for Linux 3.1.8 | Linux |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-x64 for Linux 3.1.8 | Linux |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x64 for Linux 3.1.8 | Linux |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x86 for Linux 3.1.8 | Linux |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 for Linux 3.1.8 | Linux |
| Vulnerabilities CVE-2020-1045 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-arm64 for Linux 3.1.8 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234