Skip to main content

Asp Net Core CVE-2020-1045

HIGH
2020-09-11 secure@microsoft.com
7.5
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 11, 2020 - 17:15 cve.org
HIGH 7.5

DescriptionCVE.org

<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>

AnalysisAI

<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p> Affected products include: Microsoft Asp.Net Core, Fedoraproject Fedora, Redhat Enterprise Linux, Redhat Enterprise Linux Aus, Redhat Enterprise Linux Eus.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-26682 HIGH
7.5 Apr 08

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service ove

CVE-2017-11879 HIGH
8.8 Nov 15

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a s

CVE-2017-8700 HIGH
7.5 Nov 15

ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retri

CVE-2026-45591 HIGH
7.5 Jun 09

Remote denial of service in ASP.NET Core enables unauthenticated network attackers to exhaust server resources and disru

CVE-2021-43877 HIGH
8.8 Dec 15

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability

CVE-2020-0603 HIGH
8.8 Jan 14

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memor

CVE-2019-1302 HIGH
8.8 Sep 11

An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project tem

CVE-2018-0787 HIGH
8.8 Mar 14

ASP.NET Core 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required

CVE-2018-0784 HIGH
8.8 Jan 10

ASP.NET Core 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required

CVE-2026-26130 HIGH
7.5 Mar 10

Uncontrolled resource allocation in ASP.NET Core enables unauthenticated remote attackers to exhaust system resources an

CVE-2023-36038 HIGH
7.5 Nov 14

ASP.NET Core Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable

CVE-2023-38180 HIGH
7.5 Aug 08

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely e

Share

CVE-2020-1045 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy