.NET HTTP Remoting Remote Code Execution

Web App Scanning Plugin ID 114274 (Severity: High)

Synopsis

.NET HTTP Remoting Remote Code Execution

Description

.NET Remoting is a Microsoft feature designed for interprocess communication. When HTTP channels are used, a remote, unauthenticated attacker can craft specific payloads that bypass the framework's security validations and achieve remote code execution through deserialization.

Solution

Apply Microsoft security update KB5033911 and ensure that the microsoft:Remoting:LateHttpHeaderParsing setting in the Web.config file is not set to 'true'.

See Also

https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/

https://support.microsoft.com/en-gb/topic/january-9-2024-kb5033911-cumulative-update-for-net-framework-3-5-and-4-8-for-windows-10-version-1809-and-windows-server-2019-94a7eedd-faa6-4aee-bc06-0a79d838e6dd

Plugin Details

Severity: High

ID: 114274

Type: remote

Published: 4/26/2024

Updated: 4/26/2024

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2024-29059

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS Score Source: CVE-2024-29059

Vulnerability Information

CPE: cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/9/2024

Vulnerability Publication Date: 1/9/2024

Reference Information

CVE: CVE-2024-29059