ASP.NET Core Denial of Service Vulnerability (January 2019)
Medium Nessus Plugin ID 121109
SynopsisThe Microsoft ASP.NET Core Hosting Bundle installation on the remote host contains vulnerable package.
DescriptionA denial of service (DoS) vulnerability exists in ASP.NET Core Hosting Bundle module AspNetCoreModule (ANCM) due to improper handling of web requests. An unauthenticated, remote attacker can exploit this issue, via specially crafted requests, to cause the hosted application to stop responding..
SolutionUpdate ASP.NET Core, remove vulnerable packages and refer to vendor advisory.