Description
.NET Remoting is a Microsoft technology for interprocess communication. Acunetix detected a .NET Remoting over HTTP endpoint on the web application. The technology relies on the SoapFormatter serialization mechanism, which is vulnerable to deserialization attacks by default.
Remediation
Restrict access to the .NET Remoting endpoint.
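One way to check this remediation on an IIS-hosted application, as an added example that is not Acunetix's or Microsoft's code: the script lists the server-side `<wellknown>` Remoting objects declared in a web.config and reports which ones have no `<location>` rule denying anonymous users. The sample configuration, its type names and URIs, and the choice of ASP.NET URL authorization as the access control are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed web.config for illustration; type names and URIs are made up.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.runtime.remoting>
    <application>
      <service>
        <wellknown mode="SingleCall" type="Demo.Orders, Demo" objectUri="Orders.rem" />
        <wellknown mode="Singleton" type="Demo.Admin, Demo" objectUri="Admin.soap" />
      </service>
      <channels>
        <channel ref="http" />
      </channels>
    </application>
  </system.runtime.remoting>
  <location path="Admin.soap">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>"""


def audit_remoting(config_xml):
    """List server-side Remoting endpoints and whether access to each is restricted."""
    root = ET.fromstring(config_xml)
    # Paths whose <location> block denies anonymous ("?") or all ("*") users.
    restricted = set()
    for loc in root.iter("location"):
        for deny in loc.iter("deny"):
            users = [u.strip() for u in deny.get("users", "").split(",")]
            if "?" in users or "*" in users:
                restricted.add(loc.get("path", "").lower())
    findings = []
    for obj in root.iter("wellknown"):
        uri = obj.get("objectUri")
        if uri is None:
            continue  # client-side <wellknown> entries use url=, not objectUri=
        findings.append((uri, uri.lower() in restricted))
    return findings


def unrestricted_endpoints(config_xml):
    """Endpoints that still need an access restriction."""
    return [uri for uri, ok in audit_remoting(config_xml) if not ok]


if __name__ == "__main__":
    for uri, ok in audit_remoting(SAMPLE_WEB_CONFIG):
        print(f"{uri}: {'restricted' if ok else 'no access restriction found'}")
```

A restriction enforced outside web.config (firewall, reverse proxy, IIS IP rules) is not visible to this check, so an endpoint it flags still needs to be confirmed against those controls.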
Related Vulnerabilities
IBM WebSphere RCE Java Deserialization Vulnerability
Ruby on Rails Deserialization of Untrusted Data Vulnerability (CVE-2018-16476)
JBoss InvokerTransformer Remote Code Execution
Oracle E-Business Suite Deserialization RCE
Oracle Database Server Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)