Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for aspnetcore by microsoft
VAR-201711-0165
Vulnerability from variot - Updated: 2023-12-18 12:37.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from programs that do not properly handle web requests. ASP.NET Core 1.0, 1.1 and 2.0 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0165",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.7,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.7,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.7,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "BID",
"id": "101835"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "NVD",
"id": "CVE-2017-11883"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:aspnetcore:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:aspnetcore:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:aspnetcore:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11883"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "101835"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
],
"trust": 0.9
},
"cve": "CVE-2017-11883",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-11883",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37113",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-11883",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-11883",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-37113",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-511",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "NVD",
"id": "CVE-2017-11883"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka \".NET CORE Denial Of Service Vulnerability\". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from programs that do not properly handle web requests. \nASP.NET Core 1.0, 1.1 and 2.0 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11883"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
},
{
"db": "BID",
"id": "101835"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11883",
"trust": 3.3
},
{
"db": "BID",
"id": "101835",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1039793",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-37113",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "BID",
"id": "101835"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "NVD",
"id": "CVE-2017-11883"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
]
},
"id": "VAR-201711-0165",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
}
],
"trust": 0.81178882
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
}
]
},
"last_update_date": "2023-12-18T12:37:09.637000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-11883 | ASP.NET Core Denial Of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11883"
},
{
"title": "CVE-2017-11883 | ASP.NET Core Denial Of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2017-11883"
},
{
"title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2017-37113)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/110493"
},
{
"title": "Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76352"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-19",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "NVD",
"id": "CVE-2017-11883"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/101835"
},
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11883"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1039793"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11883"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11883"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2017/at170044.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "BID",
"id": "101835"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "NVD",
"id": "CVE-2017-11883"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "BID",
"id": "101835"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "NVD",
"id": "CVE-2017-11883"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"date": "2017-11-14T00:00:00",
"db": "BID",
"id": "101835"
},
{
"date": "2017-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"date": "2017-11-15T03:29:01.953000",
"db": "NVD",
"id": "CVE-2017-11883"
},
{
"date": "2017-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"date": "2017-12-19T22:00:00",
"db": "BID",
"id": "101835"
},
{
"date": "2017-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-11883"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
],
"trust": 0.6
}
}
VAR-201711-0194
Vulnerability from variot - Updated: 2023-12-18 12:03.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". ASP.NET Core 1.0, 1.1 and 2.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: .NET Core security update Advisory ID: RHSA-2017:3248-01 Product: dotNET on RHEL Advisory URL: https://access.redhat.com/errata/RHSA-2017:3248 Issue date: 2017-11-20 CVE Names: CVE-2017-8585 CVE-2017-11770 =====================================================================
- Summary:
A security update for .NET Core on RHEL is now available.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7) - x86_64 dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3. (CVE-2017-11770)
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1512982 - CVE-2017-8585 dotNet: DDoS via invalid culture 1512992 - CVE-2017-11770 dotNET: DDos via bad certificate
- Package List:
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-8585 https://access.redhat.com/security/cve/CVE-2017-11770 https://access.redhat.com/security/updates/classification/#low
https://github.com/dotnet/announcements/issues/34 https://github.com/dotnet/announcements/issues/44
https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFaEsB8XlSAg2UNWIIRAmOjAJ9wjYtfCUbtPpsnb6lS24iFpnlohwCfW3q7 qK6A1l+OTjiiqdhM/cGc8ZU= =DZ68 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0194",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.0"
}
],
"sources": [
{
"db": "BID",
"id": "101710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:aspnetcore:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:aspnetcore:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:aspnetcore:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bachraty Gergely",
"sources": [
{
"db": "BID",
"id": "101710"
}
],
"trust": 0.3
},
"cve": "CVE-2017-11770",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-11770",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-11770",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-11770",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-585",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\". \nASP.NET Core 1.0, 1.1 and 2.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: .NET Core security update\nAdvisory ID: RHSA-2017:3248-01\nProduct: dotNET on RHEL\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:3248\nIssue date: 2017-11-20\nCVE Names: CVE-2017-8585 CVE-2017-11770 \n=====================================================================\n\n1. Summary:\n\nA security update for .NET Core on RHEL is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7) - x86_64\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNew versions of .NET Core that address several security vulnerabilities are\nnow available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3. (CVE-2017-11770)\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1512982 - CVE-2017-8585 dotNet: DDoS via invalid culture\n1512992 - CVE-2017-11770 dotNET: DDos via bad certificate\n\n6. Package List:\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-8585\nhttps://access.redhat.com/security/cve/CVE-2017-11770\nhttps://access.redhat.com/security/updates/classification/#low\n\nhttps://github.com/dotnet/announcements/issues/34\nhttps://github.com/dotnet/announcements/issues/44\n\nhttps://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md\nhttps://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md\nhttps://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaEsB8XlSAg2UNWIIRAmOjAJ9wjYtfCUbtPpsnb6lS24iFpnlohwCfW3q7\nqK6A1l+OTjiiqdhM/cGc8ZU=\n=DZ68\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11770"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "BID",
"id": "101710"
},
{
"db": "PACKETSTORM",
"id": "145048"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11770",
"trust": 2.8
},
{
"db": "BID",
"id": "101710",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1039787",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "145048",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "101710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "PACKETSTORM",
"id": "145048"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
]
},
"id": "VAR-201711-0194",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.21178882
},
"last_update_date": "2023-12-18T12:03:48.731000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-11770 | .NET CORE Denial Of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11770"
},
{
"title": "CVE-2017-11770 | .NET CORE Denial Of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2017-11770"
},
{
"title": "Microsoft .NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76424"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11770"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:3248"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/101710"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1039787"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11770"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11770"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2017/at170044.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/announcements/issues/44"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/announcements/issues/34"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8585"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-8585"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-11770"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
}
],
"sources": [
{
"db": "BID",
"id": "101710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "PACKETSTORM",
"id": "145048"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "101710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "PACKETSTORM",
"id": "145048"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-14T00:00:00",
"db": "BID",
"id": "101710"
},
{
"date": "2017-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"date": "2017-11-20T22:22:00",
"db": "PACKETSTORM",
"id": "145048"
},
{
"date": "2017-11-15T03:29:00.247000",
"db": "NVD",
"id": "CVE-2017-11770"
},
{
"date": "2017-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T22:37:00",
"db": "BID",
"id": "101710"
},
{
"date": "2017-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"date": "2019-04-16T20:01:07.733000",
"db": "NVD",
"id": "CVE-2017-11770"
},
{
"date": "2019-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
],
"trust": 0.6
}
}
CVE-2017-11883 (GCVE-0-2017-11883)
Vulnerability from nvd – Published: 2017-11-15 03:00 – Updated: 2024-09-16 23:06
VLAI
Summary
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability".
Severity
No CVSS data available.
CWE
- Denial of Service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101835 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1039793 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | ASP.NET |
Affected:
ASP.NET Core 1.0, ASP.NET Core 1.1, ASP.NET Core 2.0
|
Date Public
2017-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883"
},
{
"name": "101835",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101835"
},
{
"name": "1039793",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039793"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "ASP.NET Core 1.0, ASP.NET Core 1.1, ASP.NET Core 2.0"
}
]
}
],
"datePublic": "2017-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka \".NET CORE Denial Of Service Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-15T10:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883"
},
{
"name": "101835",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101835"
},
{
"name": "1039793",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039793"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET",
"version": {
"version_data": [
{
"version_value": "ASP.NET Core 1.0, ASP.NET Core 1.1, ASP.NET Core 2.0"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka \".NET CORE Denial Of Service Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883"
},
{
"name": "101835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101835"
},
{
"name": "1039793",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039793"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11883",
"datePublished": "2017-11-15T03:00:00.000Z",
"dateReserved": "2017-07-31T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:06:51.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11770 (GCVE-0-2017-11770)
Vulnerability from nvd – Published: 2017-11-15 03:00 – Updated: 2024-09-16 22:41
VLAI
Summary
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".
Severity
No CVSS data available.
CWE
- Denial of Service
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1039787 | vdb-entryx_refsource_SECTRACK |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2017:3248 | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/101710 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | .NET Core |
Affected:
.NET Core 1.0, .NET Core 1.1, and .NET Core 2.0
|
Date Public
2017-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:38.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039787",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770"
},
{
"name": "RHSA-2017:3248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3248"
},
{
"name": "101710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": ".NET Core",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": ".NET Core 1.0, .NET Core 1.1, and .NET Core 2.0"
}
]
}
],
"datePublic": "2017-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-01T21:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039787",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770"
},
{
"name": "RHSA-2017:3248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3248"
},
{
"name": "101710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101710"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": ".NET Core 1.0, .NET Core 1.1, and .NET Core 2.0"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039787",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039787"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770"
},
{
"name": "RHSA-2017:3248",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3248"
},
{
"name": "101710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101710"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11770",
"datePublished": "2017-11-15T03:00:00.000Z",
"dateReserved": "2017-07-31T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:41:39.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11770 (GCVE-0-2017-11770)
Vulnerability from cvelistv5 – Published: 2017-11-15 03:00 – Updated: 2024-09-16 22:41
VLAI
Summary
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".
Severity
No CVSS data available.
CWE
- Denial of Service
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1039787 | vdb-entryx_refsource_SECTRACK |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2017:3248 | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/101710 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | .NET Core |
Affected:
.NET Core 1.0, .NET Core 1.1, and .NET Core 2.0
|
Date Public
2017-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:38.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039787",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770"
},
{
"name": "RHSA-2017:3248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3248"
},
{
"name": "101710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": ".NET Core",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": ".NET Core 1.0, .NET Core 1.1, and .NET Core 2.0"
}
]
}
],
"datePublic": "2017-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-01T21:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039787",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770"
},
{
"name": "RHSA-2017:3248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3248"
},
{
"name": "101710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101710"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": ".NET Core 1.0, .NET Core 1.1, and .NET Core 2.0"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039787",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039787"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770"
},
{
"name": "RHSA-2017:3248",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3248"
},
{
"name": "101710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101710"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11770",
"datePublished": "2017-11-15T03:00:00.000Z",
"dateReserved": "2017-07-31T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:41:39.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11883 (GCVE-0-2017-11883)
Vulnerability from cvelistv5 – Published: 2017-11-15 03:00 – Updated: 2024-09-16 23:06
VLAI
Summary
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability".
Severity
No CVSS data available.
CWE
- Denial of Service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101835 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1039793 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft Corporation | ASP.NET |
Affected:
ASP.NET Core 1.0, ASP.NET Core 1.1, ASP.NET Core 2.0
|
Date Public
2017-11-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:19:39.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883"
},
{
"name": "101835",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101835"
},
{
"name": "1039793",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039793"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "ASP.NET Core 1.0, ASP.NET Core 1.1, ASP.NET Core 2.0"
}
]
}
],
"datePublic": "2017-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka \".NET CORE Denial Of Service Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-15T10:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883"
},
{
"name": "101835",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101835"
},
{
"name": "1039793",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039793"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET",
"version": {
"version_data": [
{
"version_value": "ASP.NET Core 1.0, ASP.NET Core 1.1, ASP.NET Core 2.0"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka \".NET CORE Denial Of Service Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883"
},
{
"name": "101835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101835"
},
{
"name": "1039793",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039793"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-11883",
"datePublished": "2017-11-15T03:00:00.000Z",
"dateReserved": "2017-07-31T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:06:51.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}