Tag

CVE

4 posts tagged with this.

All posts RSS
  1. Official Blog
    · 1 min read

    Mitigating the 2026 ASP.NET Core Deserialization Advisory

    A deserialization flaw disclosed in March 2026 affects ASP.NET Core applications running on .NET 9 and earlier. Production sites must update to the current LTS release and tighten serialization settings to prevent remote code execution.
  2. Official Blog
    · 1 min read

    Mitigating CVE-2023-38180 in ASP.NET Core Kestrel

    ASP.NET Core sites face denial-of-service risk from CVE-2023-38180 when Kestrel processes crafted HTTP/2 requests. Apply patches and set Kestrel limits to keep production services responsive.
  3. Official Blog
    · 2 min read

    Mitigating CVE-2023-44487: HTTP/2 Rapid Reset in .NET Apps

    CVE-2023-44487 exposes HTTP/2 servers to a high-amplification denial of service attack known as Rapid Reset. Learn exactly how it impacts ASP.NET Core applications on Kestrel and IIS, plus the updates, Kestrel configuration, and monitoring practices needed to keep your production sites online.
  4. Official Blog
    · 4 min read

    Mitigating CVE-2023-44487: HTTP/2 Rapid Reset on .NET Servers

    CVE-2023-44487 enables devastating DDoS attacks by exploiting HTTP/2 stream resets. Learn exactly which .NET and Windows components are vulnerable, the precise configuration changes required, and code examples that add rate limiting to your ASP.NET Core applications for robust protection.