Description

.NET Remoting is a Microsoft technology for interprocess communication. Acunetix detected a .NET Remoting over HTTP endpoint on the web application. The technology depends on SoapFormater serialization mechanism which is vulnerable to deserialization attack by default.

Remediation

Restrict access to the .NET Remoting endpoint.

References

Finding and Exploiting .NET Remoting over HTTP using Deserialisation

Related Vulnerabilities

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-20330)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.34)

Kentico CMS Deserialization RCE

SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2024-38023)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14892)

Severity

High

Classification

CWE-502 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Deserialization