.NET HTTP Remoting publicly exposed
Description
.NET Remoting is a legacy Microsoft framework for inter-process communication that allows applications to invoke methods on remote objects. This finding indicates that a .NET Remoting endpoint using HTTP transport has been detected and is reachable from the public internet. By default, .NET Remoting relies on the SoapFormatter or BinaryFormatter for serialization, both of which are inherently vulnerable to insecure deserialization attacks when they process untrusted input, and such attacks can lead to remote code execution.
Remediation
Immediately restrict network access to the .NET Remoting endpoint so it is not publicly accessible. Implement one or more of the following mitigations:

1. Network-level restrictions: Use firewall rules, network segmentation, or IP whitelisting to ensure only trusted internal systems can access the endpoint.

2. Migrate away from .NET Remoting: Since .NET Remoting is deprecated and inherently insecure, migrate to modern alternatives such as WCF with secure bindings, gRPC, or ASP.NET Core Web APIs with proper authentication and authorization.

3. Implement authentication: If immediate migration is not possible, configure IIS or your hosting environment to require authentication (Windows Authentication, client certificates, or other strong authentication mechanisms) before allowing access to the remoting endpoint.

4. Apply serialization binders: As a temporary mitigation, implement a custom SerializationBinder to restrict which types can be deserialized, though this is not a complete solution and migration is still necessary.
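The following is an added illustration of the allow-list SerializationBinder described in mitigation 4; it is example code written for this page, not part of the advisory or of any Microsoft sample. It targets .NET Framework (the only runtime where .NET Remoting exists), uses the real System.Runtime.Serialization.SerializationBinder and BinaryFormatter.Binder APIs, and assumes a constructed payload type named OrderSummary that stands in for whatever the remoting service actually exchanges. How the binder is attached to the remoting channel's formatter sink depends on the hosting setup and is not shown here; the example demonstrates the binder's behaviour on a BinaryFormatter directly.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

// Constructed sample payload type (assumption for this example): the one type
// the service legitimately needs to deserialize.
[Serializable]
public sealed class OrderSummary
{
    public int OrderId { get; set; }
    public decimal Total { get; set; }
}

// Allow-list binder: BindToType is consulted for every non-primitive type name
// the formatter meets in the stream. Anything not explicitly listed is rejected,
// so a gadget type smuggled into a payload is never instantiated.
public sealed class AllowListBinder : SerializationBinder
{
    private readonly Dictionary<string, Type> _allowed =
        new Dictionary<string, Type>(StringComparer.Ordinal);

    public AllowListBinder(params Type[] allowedTypes)
    {
        foreach (var t in allowedTypes)
            _allowed[t.FullName] = t;
    }

    public override Type BindToType(string assemblyName, string typeName)
    {
        if (_allowed.TryGetValue(typeName, out var type))
            return type;

        // Fail closed: throwing here aborts deserialization before any
        // constructor, property setter or OnDeserialized callback of the
        // unknown type can run.
        throw new SerializationException(
            $"Deserialization of type '{typeName}' from '{assemblyName}' is not permitted.");
    }
}

public static class BinderDemo
{
    // Formatter that only ever materialises OrderSummary instances.
    public static BinaryFormatter CreateHardenedFormatter()
    {
        return new BinaryFormatter { Binder = new AllowListBinder(typeof(OrderSummary)) };
    }

    public static void Main()
    {
        var hardened = CreateHardenedFormatter();

        // Round trip of the allowed type succeeds.
        var ok = new MemoryStream();
        hardened.Serialize(ok, new OrderSummary { OrderId = 42, Total = 19.99m });
        ok.Position = 0;
        var restored = (OrderSummary)hardened.Deserialize(ok);
        Console.WriteLine($"Allowed type restored: order {restored.OrderId}, total {restored.Total}");

        // A stream carrying a type that is not on the allow list is rejected.
        // (A plain List<string> is used here as the stand-in for an unexpected type.)
        var unexpected = new MemoryStream();
        new BinaryFormatter().Serialize(unexpected, new List<string> { "not permitted" });
        unexpected.Position = 0;
        try
        {
            hardened.Deserialize(unexpected);
            Console.WriteLine("Unexpected: unlisted type was deserialized");
        }
        catch (SerializationException ex)
        {
            Console.WriteLine("Rejected as expected: " + ex.Message);
        }
    }
}
```

The binder keys on the type's full name rather than trusting the assembly-qualified name supplied in the stream, and it throws rather than returning null, because a null return lets the formatter fall back to its own type resolution. Even with the binder in place, the endpoint still parses attacker-controlled input with a formatter Microsoft considers unsafe, which is why the advisory treats this only as a stopgap until network access is restricted and the service is migrated.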