Patching Windows Server 2012 (updating .dll)

Abiodun Oluwade 1 Reputation point
2021-02-18T14:33:51.003+00:00

Hello,

Our company has recently conducted a vulnerability scan on our Azure VMs and identified a few issues relating to ASP.NET Core. We have compiled the issues in a spreadsheet as well as the corresponding solution to the issues; however, we are a bit unclear on the instructions for applying these updates to our servers. We have attempted a few of the solutions; however, these do not seem to update the assembly .dll files which are vulnerable on our servers.

Below are 4 of the updates we are unsure how to implement on our servers. The links in the solutions were unclear to us; any assistance would be appreciated.


Security Updates for Microsoft .NET core and ASP.NET (Bypass) (July 2018)
The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.

The Microsoft .NET and ASP.NET installations on the remote host are missing a security update. It is, therefore, affected by the following vulnerability :

  • A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated. An attacker who successfully exploited this vulnerability could try an infinite number of authentication attempts. The update addresses the vulnerability by validating the number of incorrect login attempts. (CVE-2018-

Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.

http://www.nessus.org/u?59900f80

--- Security Updates for Microsoft .NET core and ASP.NET (DoS) (July 2018)
The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.

The Microsoft ASP.NET Core installations on the remote host are missing a security update. It is, therefore, affected by the following vulnerability :

--- Security Update for .NET Core SDK (March 2019)
The remote Windows host is affected by a tampering vulnerability.

The remote Windows host has an installation of .NET Core SDK with a version of 1.x < 1.1.13 or 2.1.x < 2.1.505. Therefore, the host is affected by a tampering vulnerability with in the NuGet Package Manager. An authenticated, attacker can exploit this, via manipulating the folder contents prior to building or installing a application, to modify files and folders after unpacking.

http://www.nessus.org/u?8b5a86c1

--- Security Updates for Microsoft .NET core and ASP.NET (DoS) (July 2018)
The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.

The Microsoft ASP.NET Core installations on the remote host are missing a security update. It is, therefore, affected by the following vulnerability :

  • A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates. An attacker could present expired certificates when challenged. The security update addresses the vulnerability by ensuring that .NET Framework components correctly validate certificates. (CVE-2018-8356)

Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.

http://www.nessus.org/u?3e10f501



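As an added example (not part of the original post and not Microsoft or scanner vendor code), this PowerShell script applies the version rule quoted in the .NET Core SDK finding above (1.x < 1.1.13 or 2.1.x < 2.1.505) to each SDK folder on a server, so you can see which installed copies the rule still matches. The default install path `%ProgramFiles%\dotnet\sdk` and the function name `Test-SdkVersionFlagged` are assumptions of the example.

```powershell
# Added example: flag installed .NET Core SDK folders that match the rule
# quoted in the scan finding (1.x < 1.1.13 or 2.1.x < 2.1.505).
# Test-SdkVersionFlagged is a hypothetical helper name, not a built-in cmdlet.

function Test-SdkVersionFlagged {
    param([Parameter(Mandatory)][string]$Version)

    # SDK folder names can carry a prerelease suffix, e.g. "2.1.300-preview2-008533".
    $isPrerelease = $Version.Contains('-')
    $core = ($Version -split '-', 2)[0]

    $parsed = $null
    if (-not [version]::TryParse($core, [ref]$parsed)) {
        return $null   # not a version folder (e.g. "NuGetFallbackFolder")
    }

    # Pick the fixed version for the branch named in the finding.
    $fixed = $null
    if ($parsed.Major -eq 1) { $fixed = [version]'1.1.13' }
    elseif ($parsed.Major -eq 2 -and $parsed.Minor -eq 1) { $fixed = [version]'2.1.505' }
    if ($null -eq $fixed) { return $false }   # branch not covered by this finding

    # A prerelease build of the fixed version still sorts before the release.
    return ($parsed -lt $fixed) -or ($isPrerelease -and $parsed -eq $fixed)
}

# Assumption: SDKs are installed under the default location.
$sdkRoot = Join-Path $env:ProgramFiles 'dotnet\sdk'
if (Test-Path $sdkRoot) {
    Get-ChildItem -Path $sdkRoot -Directory | ForEach-Object {
        $flagged = Test-SdkVersionFlagged -Version $_.Name
        if ($null -ne $flagged) {
            '{0,-28} flagged={1}  {2}' -f $_.Name, $flagged, $_.FullName
        }
    }
} else {
    "No SDK folder found at $sdkRoot"
}

# Constructed sample versions (not taken from any real host) showing the rule.
'1.0.4', '1.1.13', '2.1.504', '2.1.505', '2.1.300-preview2-008533', '2.2.100' |
    ForEach-Object { '{0,-28} flagged={1}' -f $_, (Test-SdkVersionFlagged -Version $_) }
```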

2 answers

  1. Dave Patrick 415.8K Reputation points MVP
    2021-02-18T15:50:35.443+00:00

    Maybe these ones help.
    https://devblogs.microsoft.com/dotnet/net-january-2021/

    --please don't forget to Accept as answer if the reply is helpful--


  2. Carl Fan 6,821 Reputation points
    2021-02-19T08:11:10.347+00:00

    Hi,
    Update ASP.NET Core, remove vulnerable packages and refer to the information below.
    Microsoft Security Advisory CVE-2018-8171: ASP.NET Core Security Feature Bypass Vulnerability
    https://github.com/aspnet/Announcements/issues/310
    Hope this helps and please help to accept as Answer if the response is useful.
    Best Regards,
    Carl