Description

.NET Remoting is a Microsoft technology for interprocess communication. Acunetix detected a .NET Remoting over HTTP endpoint on the web application. The technology depends on SoapFormater serialization mechanism which is vulnerable to deserialization attack by default.

Remediation

Restrict access to the .NET Remoting endpoint.

References

Finding and Exploiting .NET Remoting over HTTP using Deserialisation

Related Vulnerabilities

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.19)

Oracle E-Business Suite Deserialization RCE

SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2024-38094)

MySQL Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)

Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)

Severity

High

Classification

CWE-502 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Deserialization