微软修复ASP.NET Core高危漏洞可劫持用户凭据

DoNews

Oct 18

科技媒体bleepingcomputer报道，微软于10月17日修复了编号CVE-2025-55315的HTTP请求走私漏洞，该漏洞被官方标记为"ASP.NET Core史上最严重漏洞"。该漏洞存在于ASP.NET Core的Kestrel Web服务器中，允许攻击者通过构造恶意HTTP请求，实现劫持其他用户凭据、绕过安全控制等操作。根据微软安全公告，成功利用该漏洞可能导致用户敏感信息泄露、服务器...

Source Link

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2576109094"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2576109094\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2576109094?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-10-18 12:05","share_image_url":"https://static.laohu8.com/9a95c1376e76363c1401fee7d3717173","id":"2576109094","market":"us","top_or_hot":-1,"title":"微软修复ASP.NET Core高危漏洞 可劫持用户凭据","media":"DoNews","content":"<div>\n<p>科技媒体bleepingcomputer报道，微软于10月17日修复了编号CVE-2025-55315的HTTP请求走私漏洞，该漏洞被官方标记为\"ASP.NET Core史上最严重漏洞\"。该漏洞存在于ASP.NET Core的Kestrel Web服务器中，允许攻击者通过构造恶意HTTP请求，实现劫持其他用户凭据、绕过安全控制等操作。根据微软安全公告，成功利用该漏洞可能导致用户敏感信息泄露、服务器...</p>\n\n<a href=\"http://gu.qq.com/resources/shy/news/detail-v2/index.html#/?id=nesSN20251018120754a466193f&s=b\">Source Link</a>\n\n</div>\n","source":"tencent","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>微软修复ASP.NET Core高危漏洞 可劫持用户凭据</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\n微软修复ASP.NET Core高危漏洞 可劫持用户凭据\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-10-18 12:05 北京时间&nbsp;&nbsp;&nbsp;<a href=http://gu.qq.com/resources/shy/news/detail-v2/index.html#/?id=nesSN20251018120754a466193f&s=b><strong>DoNews</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>科技媒体bleepingcomputer报道，微软于10月17日修复了编号CVE-2025-55315的HTTP请求走私漏洞，该漏洞被官方标记为\"ASP.NET Core史上最严重漏洞\"。该漏洞存在于ASP.NET Core的Kestrel Web服务器中，允许攻击者通过构造恶意HTTP请求，实现劫持其他用户凭据、绕过安全控制等操作。根据微软安全公告，成功利用该漏洞可能导致用户敏感信息泄露、服务器...</p>\n\n<a href=\"http://gu.qq.com/resources/shy/news/detail-v2/index.html#/?id=nesSN20251018120754a466193f&s=b\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"LU1852331112.SGD","symbol_name":"Blackrock World Technology Fund A2 SGD-H","start_time":0,"source_url":"http://gu.qq.com/resources/shy/news/detail-v2/index.html#/?id=nesSN20251018120754a466193f&s=b","article_id":"2576109094","we_media_id":null,"thumbnails":[],"rights":{"source":"tencent","url":"http://gu.qq.com/resources/shy/news/detail-v2/index.html#/?id=nesSN20251018120754a466193f&s=b","rn_cache_url":null,"customStyle":"body{padding-top:10px;}#news_title{font-weight:bold;#titleStyle#;}#news_description span{font-size:12px;#descriptionStyle#;}.footer-note{#statement#}","selectors":".mod-LoadTzbdNews, body","filters":".relate-stock, .hot-list, .recom-box, .wx-sou","directOrigin":true},"url":"https://stock-news.laohu8.com/highlight/detail?id=2576109094","pubTimestamp":1760760302,"columns":[],"sourceInfo":{"source_id":"tencent","name":"腾讯"},"weMediaInfo":null,"summary":"科技媒体bleepingcomputer报道，微软于10月17日修复了编号CVE-2025-55315的HTTP请求走私漏洞，该漏洞被官方标记为\"ASP.NET Core史上最严重漏洞\"。该漏洞存在于ASP.NET Core的Kestrel Web服务器中，允许攻击者通过构造恶意HTTP请求，实现劫持其他用户凭据、绕过安全控制等操作。根据微软安全公告，成功利用该漏洞可能导致用户敏感信息泄露、服务器文件篡改甚至服务崩溃。.NET安全项目经理Barry Dorrans指出，漏洞实际危害程度取决于应用程序的具体编码逻辑。","collect":0,"end_time":0,"defaultTopTitle":"qq.com","property":[],"viewcount":null,"language":"zh","relate_stocks":{"LU1852331112.SGD":"Blackrock World Technology Fund A2 SGD-H","BK4532":"文艺复兴科技持仓","LU1261432733.SGD":"Fidelity World A-ACC-SGD","LU0289960550.SGD":"AB FCP I - GLOBAL EQUITY BLEND PORTFOLIO 'A' (SGD) ACC","LU0234572021.USD":"高盛美国核心股票组合Acc","LU1697837992.HKD":"BGF DYNAMIC HIGH INCOME \"A6\" (HKDHDG) INC","LU2458330243.SGD":"FRANKLIN SHARIAH TECHNOLOGY \"A-H1\" (SGDHDG) ACC","LU2092937148.SGD":"Blackrock ESG Multi-Asset A8 SGD-H","IE00BYQQ9H92.USD":"BNY MELLON GLOBAL LEADERS \"A\" (USD) ACC","LU1221951129.SGD":"NORDEA 1 STABLE RETURN \"HM\" (SGDHDG) INC","BK4503":"景林资产持仓","LU0203202063.USD":"AB SICAV I - ALL MARKET INCOME PORTFOLIO \"A2X\" (USD) ACC","LU2506952097.USD":"BNP PARIBAS SUSTAINABLE GLOBAL LOW VOL EQUITY \"CRH\" (USDHDG) ACC","LU1551013425.SGD":"Allianz Income and Growth Cl AMg2 DIS H2-SGD","LU2125909593.SGD":"Natixis Thematics Meta R/A SGD","LU0354030438.USD":"富国美国大盘成长基金Cl A Acc","LU0719512351.SGD":"JPMorgan Funds - US Technology A (acc) SGD","LU1145028129.USD":"ALLIANZ INCOME AND GROWTH \"AQ\" (USD) INC","LU0683600562.USD":"AB SELECT US EQUITY \"A\" (USD) ACC","LU2087625088.SGD":"ALLSPRING  US ALL CAP GROWTH \"A\" (SGDHDG) ACC","LU0170899867.USD":"EASTSPRING INVESTMENTS WORLD VALUE EQUITY  \"A\" (USD) ACC","LU2746668974.SGD":"MANULIFE DYNAMIC LEADERS \"AA\" (SGDHDG) ACC","LU2210149790.SGD":"Natixis Thematics Subscription Economy R/A SGD-H","LU0320765059.SGD":"FTIF - Franklin US Opportunities A Acc SGD","LU0528227936.USD":"富达环球人口趋势基金A-ACC","IE00BJLML261.HKD":"HSBC GLOBAL EQUITY INDEX \"HCH\" (HKD) ACC","IE00BMPRXR70.SGD":"Neuberger Berman 5G Connectivity A Acc SGD-H","SG9999014898.SGD":"United Global Quality Growth Fund Dis SGD","LU2210150020.SGD":"Natixis Thematics Subscription Economy R/A SGD","LU0310799852.SGD":"FTIF - Templeton Global Equity Income A MDIS SGD","LU0109391861.USD":"富兰克林美国机遇基金A Acc","LU0238689110.USD":"贝莱德环球动力股票基金","LU1804176565.USD":"EASTSPRING INV GLOBAL GROWTH EQUITY \"A\" (USD) ACC","LU0096362180.USD":"CT (LUX) I GLOBAL FOCUS \"DU\" (USD)","LU2095319765.USD":"Natixis Thematics Subscription Economy R/A USD","LU1116320737.USD":"BGF SYSTEMATIC GLOBAL ENHANCED EQUITY YIELD \"A6\" (USD) INC","LU0708995401.HKD":"FRANKLIN U.S. OPPORTUNITIES \"A\" (HKD) ACC","LU0149725797.USD":"汇丰美国股市经济规模基金","IE00B3SWFQ91.USD":"PIMCO BALANCED INCOME AND GROWTH \"E\" (USD) INC","LU0894485498.HKD":"SCHRODER ISF GLOBAL MULTI-ASSET INCOME \"A\" (HKD) ACC","LU2360032135.SGD":"ALLSPRING GLOBAL EQUITY ENHANCED INCOME \"A\" (SGDHDG) INC","IE00B19Z8W00.USD":"FTGF CLEARBRIDGE US LARGE CAP GROWTH \"A\" INC","LU1551013342.USD":"Allianz Income and Growth Cl AMg2 DIS USD","LU2097344431.USD":"SCHRODER ISF SUSTAINABLE MULTI-ASSET INCOME \"A\" (USDHDG) INC","IE0034235303.USD":"PINEBRIDGE US RESEARCH ENHANCED CORE EQUITY \"A\" (USD) ACC","LU0882574139.USD":"富达环球消费行业基金A ACC","LU2552382132.HKD":"WELLINGTON US BRAND POWER \"A\" (HKD) ACC","LU2361045086.USD":"WELLINGTON US QUALITY GROWTH \"A\" (USD) ACC","MSFT":"微软","LU1280957306.USD":"THREADNEEDLE (LUX) US CONTRARIAN CORE EQUITIES \"AUP\" (USD) INC"},"translate_title":"Microsoft fixes high-risk vulnerability in ASP.NET Core that can hijack user credentials","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"MSFT":1.5},"content_text":"科技媒体bleepingcomputer报道，微软于10月17日修复了编号CVE-2025-55315的HTTP请求走私漏洞，该漏洞被官方标记为\"ASP.NET Core史上最严重漏洞\"。该漏洞存在于ASP.NET Core的Kestrel Web服务器中，允许攻击者通过构造恶意HTTP请求，实现劫持其他用户凭据、绕过安全控制等操作。根据微软安全公告，成功利用该漏洞可能导致用户敏感信息泄露、服务器文件篡改甚至服务崩溃。.NET安全项目经理Barry Dorrans指出，漏洞实际危害程度取决于应用程序的具体编码逻辑。微软建议开发者立即采取修复措施：运行.NET 8及以上版本需安装官方更新并重启应用；使用.NET 2.3版本需将Kestrel核心包更新至2.3.6版并重新编译部署。","kind":"news","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"need_auth":false,"code":"91000000","status":"200"}}}

微软修复ASP.NET Core高危漏洞 可劫持用户凭据

Most Discussed

微软修复ASP.NET Core高危漏洞可劫持用户凭据