Description

.NET Remoting is a Microsoft technology for interprocess communication. Acunetix detected a .NET Remoting over HTTP endpoint on the web application. The technology depends on SoapFormater serialization mechanism which is vulnerable to deserialization attack by default.

Remediation

Restrict access to the .NET Remoting endpoint.

References

Finding and Exploiting .NET Remoting over HTTP using Deserialisation

Related Vulnerabilities

WordPress Plugin Five Star Restaurant Menu-WordPress Ordering Remote Code Execution (2.2.0)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-17267)

WS_FTP AHT Deserialization RCE (CVE-2023-40044)

TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2019-19849)

PHP Deserialization of Untrusted Data Vulnerability (CVE-2018-19396)

Severity

High

Classification

CWE-502 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Deserialization