Authentication Bypass Affecting system.net.http Open this link in a new tab package, versions [,4.1.2) [4.3,4.3.2)
Attack Complexity
Low
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-DOTNET-SYSTEMNETHTTP-60048
-
published
12 May 2017
-
disclosed
12 May 2017
-
credit
Mikhail Shcherbakov
Introduced: 12 May 2017
CVE-2017-0256 Open this link in a new tabOverview
The ASP.NET Core fails to properly sanitize the Web Request Handler component, allowing an attacker to spoof web requests and bypass authentication.