Kestrel
4 posts tagged with this.
-
Mitigating Recent ASP.NET Core Request Smuggling Risks
A flaw in Kestrel's HTTP/2 frame handling enables request smuggling on misconfigured production sites. Update to current .NET releases and enforce strict header validation to close the exposure.
-
Addressing the Recent Kestrel Header Parsing Advisory
A Microsoft advisory details a denial-of-service risk in Kestrel's HTTP/2 header handling affecting ASP.NET Core production sites. Learn the scope of impact and the concrete configuration and patching steps required to close the exposure.
-
Mitigating Recent Kestrel Request Handling Issues
A recent Microsoft advisory highlights risks in Kestrel's HTTP request processing for ASP.NET Core applications. Production sites must apply configuration changes and update to current .NET releases to prevent potential request smuggling and denial of service.
-
Mitigating CVE-2023-38180 in ASP.NET Core Kestrel
ASP.NET Core sites face denial-of-service risk from CVE-2023-38180 when Kestrel processes crafted HTTP/2 requests. Apply patches and set Kestrel limits to keep production services responsive.