Description

.NET Remoting is a Microsoft technology for interprocess communication. Acunetix detected a .NET Remoting over HTTP endpoint on the web application. The technology depends on SoapFormater serialization mechanism which is vulnerable to deserialization attack by default.

Remediation

Restrict access to the .NET Remoting endpoint.

References

Finding and Exploiting .NET Remoting over HTTP using Deserialisation

Related Vulnerabilities

Ruby on Rails Deserialization of Untrusted Data Vulnerability (CVE-2020-8164)

Liferay DXP Deserialization of Untrusted Data Vulnerability (CVE-2020-15842)

SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2022-22005)

LimeSurvey Deserialization of Untrusted Data Vulnerability (CVE-2018-17057)

Deserialization of Untrusted Data (Java JSON Deserialization) Genson

Severity

High

Classification

CWE-502 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Deserialization