Skip to main content

ASP.Net Core 1.1 DOS Vulnerability



January 2017 Update for ASP.NET Core 1.1












Yesterday, Microsoft released an update for ASP.NET Core 1.1 due to Microsoft Security Advisory 4010983. The advisory is for a vulnerability in ASP.NET Core MVC 1.1.0 that could allow denial of service. 

Affected Software

The vulnerability affects any Microsoft ASP.NET Core project if it uses the following affected package version.
Affected package and version
Package name
Package version
Microsoft.AspNetCore.Mvc.Core
1.1.0


At Assemblysoft we specialise in Custom Software Development tailored to your requirements. We have experience creating Booking solutions, as we did for HappyCamperVan Hire. You can read more here.

We can onboard and add value to your business rapidly. We are an experienced Full-stack development team able to provide specific technical expertise or manage your project requirements end to end. We specialise in the Microsoft cloud and .NET Solutions and Services. Our developers are Microsoft Certified. We have real-world experience developing .NET applications and Azure Services for a large array of business domains. If you would like some assistance with Azure | Azure DevOps Services | Blazor Development  or in need of custom software development, from an experienced development team in the United Kingdom, then please get in touch, we would love to add immediate value to your business.

Assemblysoft - Your Safe Pair of Hands

https://assemblysoft.com/

Advisory FAQ

How do I know if I am affected?
ASP.NET Core has two different types of dependencies, direct and transitive. If your project has a direct or transitive dependency on Microsoft.AspNetCore.Mvc.Core version 1.1.0 you are affected.
Full details of the advisory can be found here: https://technet.microsoft.com/en-us/library/security/4010983
Further details on how to obtain the update and instructions for install can be found on the .Net Core Blog: https://blogs.msdn.microsoft.com/dotnet/
Although we are so excited about cross platform development with our favourite tooling and embracing .Net Core, it keeps us mindful that we are still in the early stages of the journey and should consider carefully when choosing whether now is the right time to embark on a full blown production adoption for enterprise wide solutions.
or checkout some other musings via my blazor.net and azure blog here carlrandall.net


Popular posts from this blog

Windows Azure Storage Emulator failed to install

CodeProject Windows Azure Storage Emulator failed to install When attempting to install a new version of the Azure Storage Emulator either as a separate installation package or automatically as part of an Azure SDK update, you may run into an error message which states the storage emulator has failed to install. This can occur using the Web Platform Installer (WebPI), NuGet Package Manager or when performing the install manually. Below is the message received using the WebPI.   Storage Emulator Background  (optional reading) The windows azure storage emulator executable lives under the Microsoft SDKs directory as shown below: Configuration If we take a quick look inside the WAStorageEmulator.exe.config file we can see each of the storage services pointing to local service endpoints. <StorageEmulatorConfig>     <services>       <service name=" Blob " url="http://127.0.0.1:10000/"/>       <service

Test connection to remote SQL Server Database from an Application server

While aiming to test whether a SQL connection is succeeding between an Application server and a remote Database Server, it is often not possible to install SQL Server Management Studio (SSMS) or Microsoft Command Line Utilities (MsSqlCmdLnUtils) due to the locked down nature of the targets, particularly in test and production environments. A lightweight approach that worked for me recently, makes use of components that have been a part of windows boxes for a long time, albeit different levels of database driver support as the components have evolved, the Microsoft Data Access Components (MDAC). MDAC provide a Universal Data Link, which can be configured using a common user interface for specifying connection properties as well as testing the connection.  Data Link properties dialog box At Assemblysoft we specialise in  Custom Software Development  tailored to your requirements. We have experience creating Booking solutions, as we did for HappyCamper

Debugging Python and Iron Python using Visual Studio

Now Python is a first class citizen since the release of Visual Studio 2017 and can be configured directly from the Installation IDE, below are a few settings worth bookmarking for your next python integration project. Debugging Python One of the first things you are going to want to do is step through your code when using Visual Studio, particularly as the language is dynamic and inspection of local and global scope soon becomes necessary. One thing to note is that if you start from a native python project, this is all wired up for you but if you are using .Net to call python modules or want to support an older python version, such as 2.7, you will soon see that breakpoints are not being hit due to symbols not being loaded.   Enable Just My Code To distinguish user code from non-user code in .net, Just My Code looks at two things: PDB (Program Database) files, and Optimization Program Database A .pdb file, otherwise known as a symbol file, maps the identifiers