CVE-2023-36038
📋 TL;DR
This vulnerability in ASP.NET Core allows attackers to cause denial of service by sending specially crafted requests that consume excessive resources. It affects ASP.NET Core applications running on Windows, Linux, and macOS. The vulnerability is exploitable remotely without authentication.
💻 Affected Systems
- ASP.NET Core
- .NET Core
📦 What is this software?
ASP.NET Core by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete application unavailability, resource exhaustion leading to server crashes, and potential cascading failures in dependent services.
Likely Case
Application performance degradation, intermittent service disruptions, and increased resource utilization affecting legitimate users.
If Mitigated
Minimal impact with proper rate limiting, request filtering, and updated runtime components in place.
🎯 Exploit Status
The vulnerability requires sending specially crafted HTTP requests but does not require authentication or special privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ASP.NET Core 6.0.24, 7.0.13, and .NET Core 3.1.32
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36038
Restart Required: Yes
Instructions:
1. Identify your ASP.NET Core version.
2. Update to the patched version via package manager (dotnet update, apt-get, yum, etc.).
3. Restart the application and web server.
4. Verify the update was successful.
🔧 Temporary Workarounds
Rate Limiting
All platforms: Implement request rate limiting to prevent excessive resource consumption from single sources.
Use the ASP.NET Core rate-limiting middleware (Microsoft.AspNetCore.RateLimiting, shipped with .NET 7 and later).
Request Size Limits
All platforms: Configure maximum request size limits in Kestrel so that oversized malicious requests are rejected before they are buffered.
Configure in Program.cs:
builder.WebHost.ConfigureKestrel(options => { options.Limits.MaxRequestBodySize = 1000000; });
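The two workarounds above combined into one Program.cs, as an added example that is not part of this advisory or of Microsoft's own code. It assumes a minimal-API app on .NET 7 or later (the rate-limiting middleware is not available on .NET 6 or 3.1); the numeric limits, the 100-requests-per-minute window and the "RateLimiting" logger category are illustrative choices, not values from the page.

```csharp
using System.Threading.RateLimiting;
using Microsoft.AspNetCore.RateLimiting;
using Microsoft.AspNetCore.Server.Kestrel.Core;

var builder = WebApplication.CreateBuilder(args);

// 1. Kestrel limits: reject oversized or slow requests before they tie up server resources.
//    The numbers are illustrative; tune them to the largest legitimate request your app serves.
builder.WebHost.ConfigureKestrel(options =>
{
    options.Limits.MaxRequestBodySize = 1_000_000;           // 1 MB body cap (as in the workaround above)
    options.Limits.MaxRequestHeadersTotalSize = 32 * 1024;   // 32 KB of request headers in total
    options.Limits.MaxRequestHeaderCount = 100;              // at most 100 header fields
    options.Limits.RequestHeadersTimeout = TimeSpan.FromSeconds(30);
    options.Limits.KeepAliveTimeout = TimeSpan.FromSeconds(60);
    // Drop connections that trickle the body in slowly and hold resources open.
    options.Limits.MinRequestBodyDataRate =
        new MinDataRate(bytesPerSecond: 240, gracePeriod: TimeSpan.FromSeconds(5));
});

// 2. Rate limiting: a fixed window of 100 requests per minute, partitioned per client address.
builder.Services.AddRateLimiter(options =>
{
    options.RejectionStatusCode = StatusCodes.Status429TooManyRequests;

    options.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(httpContext =>
    {
        // Behind a reverse proxy, register the ForwardedHeaders middleware first so that
        // RemoteIpAddress is the real client and not the proxy (otherwise all traffic shares one bucket).
        var clientKey = httpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
        return RateLimitPartition.GetFixedWindowLimiter(clientKey, _ => new FixedWindowRateLimiterOptions
        {
            PermitLimit = 100,
            Window = TimeSpan.FromMinutes(1),
            QueueProcessingOrder = QueueProcessingOrder.OldestFirst,
            QueueLimit = 0, // reject excess requests immediately rather than queueing them
        });
    });

    // Log every rejection so the log indicators listed under Detection & Monitoring have something to match.
    options.OnRejected = (context, _) =>
    {
        context.HttpContext.Response.Headers.RetryAfter = "60";
        var logger = context.HttpContext.RequestServices
            .GetRequiredService<ILoggerFactory>()
            .CreateLogger("RateLimiting"); // hypothetical category name
        logger.LogWarning("Rate limit exceeded for client {Client} on {Path}",
            context.HttpContext.Connection.RemoteIpAddress, context.HttpContext.Request.Path);
        return ValueTask.CompletedTask;
    };
});

var app = builder.Build();

app.UseRateLimiter(); // must be registered before the endpoints it protects

app.MapGet("/", () => "ok");

app.Run();
```

The Kestrel limits apply on every supported runtime, so a .NET 6 app can still take the first block; the rate limiter would then have to live in the reverse proxy or WAF, as the "If You Can't Patch" section suggests. Neither measure replaces the patch: they bound how much a single client can consume, not whether a crafted request triggers the underlying defect.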
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block suspicious request patterns
- Deploy reverse proxy with request filtering and rate limiting capabilities
🔍 How to Verify
Check if Vulnerable:
Check ASP.NET Core version with: dotnet --info or examine application runtime version
Check Version:
dotnet --info | findstr "Version"   (findstr is Windows-only; on Linux or macOS pipe to grep instead)
Verify Fix Applied:
Verify that the installed runtime for your release line is 6.0.24, 7.0.13, or 3.1.32 or higher
📡 Detection & Monitoring
Log Indicators:
- Unusually high CPU/memory usage spikes
- Increased error rates in application logs
- Requests with abnormal patterns or sizes
Network Indicators:
- Sudden increase in incoming HTTP traffic
- Requests with unusual headers or payloads
SIEM Query (illustrative; adapt the field names to your SIEM's schema):
source="*aspnet*" AND (cpu_usage>90 OR memory_usage>90) AND http_request_count>1000