Description
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
Low
E
Unchanged
RL
O
RC
Changed
Affected products
- Microsoft / ASP.NET Core 2.32.3 – 2.3.6
- Microsoft / ASP.NET Core 8.08.0 – 8.0.21
- Microsoft / ASP.NET Core 9.09.0 – 9.0.10
- Microsoft / Microsoft Visual Studio 2022 version 17.1017.10.0 – 17.10.20
- Microsoft / Microsoft Visual Studio 2022 version 17.1217.12.0 – 17.12.13
- Microsoft / Microsoft Visual Studio 2022 version 17.1417.14.0 – 17.14.17