
CVE-2018-8292: .NET Core Information Disclosure

CVSS Score: 7.5 (CVSS version 3.0)

Basic Information

EPSS Score: 0.86557%
Published: 4/21/2021
Updated: 1/9/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| System.Net.Http | nuget | < 4.3.4 | 4.3.4 |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper handling of HTTP redirects in System.Net.Http, specifically exposing authentication headers during cross-domain redirections. The RedirectHandler.SendAsync method is central to redirect logic in .NET Core's HTTP stack. Since the advisory explicitly mentions redirect-related information disclosure and System.Net.Http is the affected package, the redirect handling mechanism (particularly header propagation logic) is the most likely culprit. The confidence is high because this aligns with the described vulnerability pattern and the component's responsibility.
