Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Microsoft.AspNetCore DoS vulnerability, how to resolve for .Net Framework projects RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I have a .Net Web API project targeting .Net Framework 4.6, in this project I have Microsoft.AspNetCore 2.2.0.0 DLL.

    I have read that Microsoft.AspNetCore 2.2.0.0 DLL has DoS (Denial of Service) security vulnerability.

    https://github.com/aspnet/AspNetCore/issues/6488

    When I look into the recommended resolution it says to upgrade to Version 2.7, now issue is I can't upgrade to 2.7 as highest I can upgraded for .Net Framework is 2.2.0.0 which I already have.

    Query:

    1. Is this security vulnerability only for apps created by targeting .Net Core and not .Net Framework even though Microsoft.AspNetCore 2.2.0.0 library is used?

    2. If first is true, then does it mean I don't have to do anything for this security vulnerability? If not, then what should I do to get over this security concern (given that I can't upgrade Microsoft.AspNetCore to 2.7 in a .Net Framework project)?

    sujit

    Friday, October 25, 2019 5:49 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    I have a .Net Web API project targeting .Net Framework 4.6, in this project I have Microsoft.AspNetCore 2.2.0.0 DLL.

    I have read that Microsoft.AspNetCore 2.2.0.0 DLL has DoS (Denial of Service) security vulnerability.

    https://github.com/aspnet/AspNetCore/issues/6488

    When I look into the recommended resolution it says to upgrade to Version 2.7, now issue is I can't upgrade to 2.7 as highest I can upgraded for .Net Framework is 2.2.0.0 which I already have.

    Query:

    1. Is this security vulnerability only for apps created by targeting .Net Core and not .Net Framework even though Microsoft.AspNetCore 2.2.0.0 library is used?

    2. If first is true, then does it mean I don't have to do anything for this security vulnerability? If not, then what should I do to get over this security concern (given that I can't upgrade Microsoft.AspNetCore to 2.7 in a .Net Framework project)?

    sujit

    Friday, October 25, 2019 5:53 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi sujit1779,

    Thank you for posting here.

    According to your description, your issue is more related to ASP.NET Core. Therefore, it will be more appropriate to ask your question in ASP.NET Core Forums

    The CLR Forum discuss and ask questions about .NET Framework Base Classes (BCL) such as Collections, I/O, Regigistry, Globalization, Reflection. Also discuss all the other Microsoft libraries that are built on or extend the .NET Framework, including Managed Extensibility Framework (MEF), Charting Controls, CardSpace, Windows Identity Foundation (WIF), Point of Sale (POS), Transactions.

    Thank you for your understanding.

    Best Regards,

    Xingyu Zhao

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, October 28, 2019 2:11 AM