Description
.NET Remoting is a Microsoft technology for interprocess communication. Invicti detected a .NET Remoting over HTTP endpoint on the web application. The technology depends on the SoapFormatter serialization mechanism, which is vulnerable to deserialization attacks by default.
Remediation
Restrict access to the .NET Remoting endpoint.
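One way to check that the restriction holds is to audit the web server's logs for remoting requests from clients outside the permitted networks. The following is an added example, not Invicti's code; it assumes IIS W3C extended logs, remoting objects published under URIs ending in `.rem` or `.soap`, and a hypothetical allow-list, and the log lines are constructed sample data.

```python
import ipaddress

# Assumption: IIS-hosted .NET Remoting objects are published under URIs
# ending in .rem or .soap; adjust to the endpoint the scanner reported.
REMOTING_SUFFIXES = (".rem", ".soap")

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-10 09:00:01 10.0.5.20 POST /app/OrderService.rem 200
2024-01-10 09:00:07 203.0.113.44 POST /app/OrderService.rem 200
2024-01-10 09:01:12 203.0.113.44 GET /app/default.aspx 200
2024-01-10 09:02:30 198.51.100.9 POST /app/Billing.soap 403
2024-01-10 09:03:02 10.0.5.21 GET /app/OrderService.rem 200
"""

def audit_remoting_access(log_text, allowed_cidrs):
    """Return remoting-endpoint requests made from outside the allow-list."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                    # skip malformed rows
        row = dict(zip(fields, values))
        uri = row.get("cs-uri-stem", "")
        if not uri.lower().endswith(REMOTING_SUFFIXES):
            continue
        try:
            client = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue
        if not any(client in net for net in allowed):
            status = row.get("sc-status", "")
            # 401/403 means the access restriction rejected the request.
            findings.append({"client": str(client), "uri": uri,
                             "status": status,
                             "blocked": status in ("401", "403")})
    return findings

if __name__ == "__main__":
    for f in audit_remoting_access(SAMPLE_LOG, ["10.0.5.0/24"]):
        print(f)
```

Any finding with `blocked` set to `False` is a request from an unlisted client that reached the remoting endpoint, which means the restriction is not yet effective for that path.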
Related Vulnerabilities
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17531)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17571)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11113)
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950
phpMyAdmin Deserialization of Untrusted Data Vulnerability (CVE-2016-6620)