Tag

CVE

7 posts tagged with this.

  1. Official Blog
    · 1 min read

    Mitigating Recent ASP.NET Core Auth Header Risks

    A recent advisory details flaws in how ASP.NET Core applications process authentication headers under specific load conditions. Production sites must apply updates and tighten configuration to prevent bypasses.

  2. Official Blog
    · 1 min read

    Mitigating Recent .NET Request Smuggling Risks

    A recent advisory highlights HTTP/2 request smuggling flaws affecting ASP.NET Core applications on IIS. Production sites must apply updates and adjust server configuration to prevent request manipulation and unauthorized access.

  3. Official Blog
    · 1 min read

    Mitigating Recent ASP.NET Core Header Parsing Risks

    A recent Microsoft security advisory highlights risks in ASP.NET Core header handling that can lead to authentication bypass on production sites. Learn who is affected and the exact configuration changes required to close the exposure.

  4. Official Blog
    · 1 min read

    Mitigating the 2026 ASP.NET Core Deserialization Advisory

    A deserialization flaw disclosed in March 2026 affects ASP.NET Core applications running on .NET 9 and earlier. Production sites must update to the current LTS release and tighten serialization settings to prevent remote code execution.

  5. Official Blog
    · 1 min read

    Mitigating CVE-2023-38180 in ASP.NET Core Kestrel

    ASP.NET Core sites face denial-of-service risk from CVE-2023-38180 when Kestrel processes crafted HTTP/2 requests. Apply patches and set Kestrel limits to keep production services responsive.

  6. Official Blog
    · 2 min read

    Mitigating CVE-2023-44487: HTTP/2 Rapid Reset in .NET Apps

    CVE-2023-44487 exposes HTTP/2 servers to a high-amplification denial-of-service attack known as Rapid Reset. Learn exactly how it impacts ASP.NET Core applications on Kestrel and IIS, plus the updates, Kestrel configuration, and monitoring practices needed to keep your production sites online.

  7. Official Blog
    · 4 min read

    Mitigating CVE-2023-44487: HTTP/2 Rapid Reset on .NET Servers

    CVE-2023-44487 enables devastating DDoS attacks by exploiting HTTP/2 stream resets. Learn exactly which .NET and Windows components are vulnerable, the precise configuration changes required, and code examples that add rate limiting to your ASP.NET Core applications for robust protection.