{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-1045", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "dateUpdated": "2024-08-04T06:25:01.041Z", "dateReserved": "2019-11-04T00:00:00", "datePublished": "2020-09-11T00:00:00"}, "containers": {"cna": {"title": "Microsoft ASP.NET Core Security Feature Bypass Vulnerability", "datePublic": "2020-09-08T07:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "ASP.NET Core 2.1", "cpes": ["cpe:2.3:a:microsoft:asp.net_core:2.1*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "2.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "ASP.NET Core 3.1", "cpes": ["cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "3.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>\n<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p>\n<p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>\n", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Security Feature Bypass", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2023-12-31T21:34:37.415Z"}, "references": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045"}, {"name": "FEDORA-2020-e2deb72e0f", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/"}, {"name": "FEDORA-2020-48fa1ad65c", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/"}, {"url": "https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318"}, {"url": "https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600"}, {"url": "https://access.redhat.com/errata/RHSA-2020:3699"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:25:01.041Z"}, "title": "CVE Program Container", "references": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045", "tags": ["x_transferred"]}, {"name": "FEDORA-2020-e2deb72e0f", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/"}, {"name": "FEDORA-2020-48fa1ad65c", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/"}, {"url": "https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318", "tags": ["x_transferred"]}, {"url": "https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2020:3699", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6237BE3-2B52-4E81-BEB4-AC370C79CD6F", "versionEndIncluding": "2.1.21", "versionStartIncluding": "2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "30C25D29-DA72-404C-934E-7CCA3CCB8793", "versionEndExcluding": "3.1.8", "versionStartIncluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "7883DE07-470D-4160-9767-4F831B75B9A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D5F4FA7-E5C5-4C23-BDA8-36A36972E4F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "5CA4F12A-5BC5-4D75-8F20-80D8BB2C5BF2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "9C24797C-0397-4D4F-ADC3-3B99095DBB35", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF14A415-15BD-4A6C-87CF-675E09390474", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "C237415F-33FE-4686-9B19-A0916BF75D2D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>\n<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p>\n<p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>\n"}, {"lang": "es", "value": "Se presenta una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad en la manera en que Microsoft ASP.NET Core analiza los nombres de cookies codificados. El analizador de cookies de ASP.NET Core decodifica cadenas de cookies completas que podr\u00edan permitir a un atacante malicioso establecer una segunda cookie con el nombre codificado en porcentaje. La actualizaci\u00f3n de seguridad aborda la vulnerabilidad al corregir la manera en que el analizador de cookies ASP.NET Core maneja los nombres codificados, tambi\u00e9n se conoce como \"Microsoft ASP.NET Core Security Feature Bypass Vulnerability\""}], "id": "CVE-2020-1045", "lastModified": "2023-12-31T22:15:55.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2020-09-11T17:15:18.307", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:3699"}, {"source": "secure@microsoft.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318"}, {"source": "secure@microsoft.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LN2FUVBSVPGK7AU3NMLO3YR6CGONQPB/"}, {"source": "secure@microsoft.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASICXQXS4M7MTAF6SGQMCLCA63DLCUT3/"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-RHEL8-DOTNET-1439600"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:3697", "cpe": "cpe:/a:redhat:rhel_dotnet:3.1::el7", "package": "rh-dotnet31-dotnet-0:3.1.108-1.el7", "product_name": ".NET Core on Red Hat Enterprise Linux", "release_date": "2020-09-08T00:00:00Z"}, {"advisory": "RHSA-2020:3699", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "dotnet3.1-0:3.1.108-2.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-09-08T00:00:00Z"}], "bugzilla": {"description": "dotnet: ASP.NET cookie prefix spoofing vulnerability", "id": "1873451", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873451"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-807", "details": ["<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>\n<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p>\n<p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>", "A flaw was found in ASP.NET. Certain cookie values are not properly decoded allowing a remote attacker to bypass the \"Cookie Prefixes\" security mechanism. The highest threat from this vulnerability is to data integrity."], "name": "CVE-2020-1045", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Not affected", "package_name": "rh-dotnet21", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2020-07-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-1045\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1045\nhttps://github.com/dotnet/aspnetcore/issues/23578\nhttps://github.com/dotnet/aspnetcore/pull/24264\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045"], "statement": "The \"Cookie Prefixes\" feature is not used by default in ASP.NET. Successful exploitation likely requires a secondary vulnerability, for example a cross-site scripting issue.", "threat_severity": "Important"}