Tag

Kestrel

3 posts tagged with this.

All posts RSS
  1. Official Blog
    · 2 min read

    Addressing the Recent Kestrel Header Parsing Advisory

    A Microsoft advisory details a denial-of-service risk in Kestrel's HTTP/2 header handling affecting ASP.NET Core production sites. Learn the scope of impact and the concrete configuration and patching steps required to close the exposure.
  2. Official Blog
    · 1 min read

    Mitigating Recent Kestrel Request Handling Issues

    A recent Microsoft advisory highlights risks in Kestrel's HTTP request processing for ASP.NET Core applications. Production sites must apply configuration changes and update to current .NET releases to prevent potential request smuggling and denial of service.
  3. Official Blog
    · 1 min read

    Mitigating CVE-2023-38180 in ASP.NET Core Kestrel

    ASP.NET Core sites face denial-of-service risk from CVE-2023-38180 when Kestrel processes crafted HTTP/2 requests. Apply patches and set Kestrel limits to keep production services responsive.