Test ID:	1.3.6.1.4.1.25623.1.0.818182
Category:	Windows
Title:	.NET Core Denial of Service And Information Disclosure Vulnerabilities - Windows
Summary:	.NET Core is prone to a denial of service (DoS) and; an information disclosure vulnerability.
Description:	Summary: .NET Core is prone to a denial of service (DoS) and an information disclosure vulnerability. Vulnerability Insight: Multiple flaws are due to: - .NET (Core) server applications providing WebSocket endpoints could be tricked into endlessly looping while trying to read a single WebSocket frame. - A JWT token is logged if it cannot be parsed. Vulnerability Impact: Successful exploitation will allow an attacker to disclose sensitive information and also cause a denial of service condition. Affected Software/OS: .NET Core runtime 5.0 before 5.0.9, 3.1 before 3.1.18, and 2.1 before 2.1.29 and .NET Core SDK 5.0 before 5.0.206, 3.1 before 3.1.118, and 2.1 before 2.1.525. Solution: Upgrade .NET Core runtimes to versions 5.0.9 or 3.1.18 or 2.1.29 or later or upgrade .NET Core SDK to versions 5.0.206 or 5.0.303 or 3.1.118 or 3.1.412 or 2.1.525 or 2.1.817 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-26423 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26423 Common Vulnerability Exposure (CVE) ID: CVE-2021-34532 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.