Action not permitted
Modal body text goes here.
cve-2018-0764
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://www.securityfocus.com/bid/102387 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | http://www.securitytracker.com/id/1040152 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | https://access.redhat.com/errata/RHSA-2018:0379 | Third Party Advisory | |
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764 | Patch, Vendor Advisory |
▼ | Vendor | Product |
---|---|---|
Microsoft Corporation | .NET Framework and .NET Core |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:35:49.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102387", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102387" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764" }, { "name": "RHSA-2018:0379", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0379" }, { "name": "1040152", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040152" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": ".NET Framework and .NET Core", "vendor": "Microsoft Corporation", "versions": [ { "status": "affected", "version": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0" } ] } ], "datePublic": "2018-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-01T10:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "102387", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102387" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764" }, { "name": "RHSA-2018:0379", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0379" }, { "name": "1040152", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040152" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "DATE_PUBLIC": "2018-01-09T00:00:00", "ID": "CVE-2018-0764", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": ".NET Framework and .NET Core", "version": { "version_data": [ { "version_value": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0" } ] } } ] }, "vendor_name": "Microsoft Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "102387", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102387" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764" }, { "name": "RHSA-2018:0379", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0379" }, { "name": "1040152", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040152" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-0764", "datePublished": "2018-01-10T01:00:00Z", "dateReserved": "2017-12-01T00:00:00", "dateUpdated": "2024-09-17T02:16:15.781Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-0764\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-01-10T01:29:00.197\",\"lastModified\":\"2021-08-12T17:19:05.447\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \\\".NET and .NET Core Denial Of Service Vulnerability\\\". This CVE is unique from CVE-2018-0765.\"},{\"lang\":\"es\",\"value\":\"Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 5.7 y.NET Core 1.0, 1.1 y 2.0 permiten una vulnerabilidad de denegaci\u00f3n de servicio (DoS) debido a la forma en la que se procesan los documentos XML. Esto tambi\u00e9n se conoce como \\\".NET and .NET Core Denial Of Service Vulnerability\\\". Este CVE es diferente de CVE-2018-0765.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EDF760A-C775-457E-8091-586E56545B07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87DCF0-0552-4815-8148-C9894397C5EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7302633B-E263-4F85-8A38-D5C18394F292\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D6A900C-6173-466A-B54D-683A12F53138\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"42A6DF09-B8E1-414D-97E7-453566055279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D400E856-2B2E-4CEA-8CA5-309FDF371CEA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E039CE1F-B988-4741-AE2E-5B36E2AF9688\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"232581CC-130A-4C62-A7E9-2EC9A9364D53\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEE2E768-0F45-46E1-B6D7-087917109D98\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EDC4407-7E92-4E60-82F0-0C87D1860D3A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*\",\"matchCriteriaId\":\"B320A104-9037-487E-BC9A-62B4A6B49FD0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40B3A045-B08A-44E0-91BE-726753F6A362\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280FE663-23BE-45D2-9B31-5F577E390B48\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF0B660D-1F30-4D45-B98B-726EDB8CB90F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"232581CC-130A-4C62-A7E9-2EC9A9364D53\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734112B3-1383-4BE3-8721-C0F84566B764\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6CE5198-C498-4672-AF4C-77AB4BE06C5C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280FE663-23BE-45D2-9B31-5F577E390B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF0B660D-1F30-4D45-B98B-726EDB8CB90F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734112B3-1383-4BE3-8721-C0F84566B764\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEE2E768-0F45-46E1-B6D7-087917109D98\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734112B3-1383-4BE3-8721-C0F84566B764\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B14968-3985-43C3-ACE5-8307196EFAE3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B0E40A-84EF-4099-A395-75D6B8CDA196\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102387\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040152\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0379\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
var-201801-1150
Vulnerability from variot
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. This vulnerability CVE-2018-0765 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Title: Microsoft Security Update Releases Issued: January 25, 2018
Summary
The following CVEs have undergone a major revision increment:
- CVE-2018-0764
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/CVE-2018-0764
- Version: 3.0
- Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0.0 because it is affected by CVE-2018-0764. See https://github.com/PowerShell/Announcements /issues/2 for more information.
- Originally posted: January 9, 2018
- Updated: January 25, 2018
-
Aggregate CVE Severity Rating: Important
-
CVE-2018-0786
Revision Information:
- https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/CVE-2018-0786
- Version: 3.0
- Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0.0 because it is affected by CVE-2018-0786. See https://github.com/PowerShell/Announcements /issues/3 for more information.
- Originally posted: January 9, 2018
- Updated: January 25, 2018
- Aggregate CVE Severity Rating: Important
Other Information
Recognize and avoid fraudulent email to Microsoft customers:
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/dn753714.
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Microsoft respects your privacy. Please read our online Privacy Statement at http://go.microsoft.com/fwlink/?LinkId=81184.
If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033.
These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services.
For legal Information, see: http://www.microsoft.com/info/legalinfo/default.mspx. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:0379-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0379 Issue date: 2018-03-01 CVE Names: CVE-2018-0764 =====================================================================
- Summary:
An update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
-
It implements a subset of the .NET framework APIs and includes a CLR implementation.
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-0764 https://access.redhat.com/security/updates/classification/#moderate https://github.com/dotnet/announcements/issues/52
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFal5nzXlSAg2UNWIIRAldoAKCOs8K/QXdtegDgV9D0EbgK5f8dpgCfdT/D hhk5BDNc5IZlJ+doPAaUxt4= =Pz4Z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1150", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": ".net core", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "1.0" }, { "model": ".net core", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "1.1" }, { "model": ".net core", "scope": "eq", "trust": 2.4, "vendor": "microsoft", "version": "2.0" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "3.5.1" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.7" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.6" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "4.5.2" }, { "model": ".net framework", "scope": "eq", "trust": 2.1, "vendor": "microsoft", "version": "3.5" }, { "model": ".net framework", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "4.7.1" }, { "model": ".net framework", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "2.0" }, { "model": ".net framework", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "3.0" }, { "model": "powershell core", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "6.0" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2.0 sp2" }, { "model": ".net framework", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "3.0 sp2" }, { "model": "powershell core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6.0.0" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "windows server r2 for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server for itanium-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server for 32-bit systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2016" }, { "model": "windows rt", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.1" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "windows for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "windows for 32-bit systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1015110" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1015110" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": ".net framework sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "3.0" }, { "model": ".net framework sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2.0" } ], "sources": [ { "db": "BID", "id": "102387" }, { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "NVD", "id": "CVE-2018-0764" }, { "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-0764" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft", "sources": [ { "db": "BID", "id": "102387" } ], "trust": 0.3 }, "cve": "CVE-2018-0764", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-0764", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-0764", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-0764", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201801-407", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "NVD", "id": "CVE-2018-0764" }, { "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765. This vulnerability CVE-2018-0765 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n********************************************************************\nTitle: Microsoft Security Update Releases\nIssued: January 25, 2018\n********************************************************************\n\nSummary\n======= \n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-0764\n \nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance/\n advisory/CVE-2018-0764\n - Version: 3.0\n - Reason for Revision: Revised the Affected Products table to \n include PowerShell Core 6.0.0 because it is affected by \n CVE-2018-0764. See https://github.com/PowerShell/Announcements\n /issues/2 for more information. \n - Originally posted: January 9, 2018 \n - Updated: January 25, 2018\n - Aggregate CVE Severity Rating: Important\n\n* CVE-2018-0786\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance/\n advisory/CVE-2018-0786\n - Version: 3.0\n - Reason for Revision: Revised the Affected Products table to\n include PowerShell Core 6.0.0 because it is affected by \n CVE-2018-0786. See https://github.com/PowerShell/Announcements\n /issues/3 for more information. \n - Originally posted: January 9, 2018 \n - Updated: January 25, 2018\n - Aggregate CVE Severity Rating: Important\n\n\nOther Information\n=================\n\nRecognize and avoid fraudulent email to Microsoft customers:\n=============================================================\nIf you receive an email message that claims to be distributing \na Microsoft security update, it is a hoax that may contain \nmalware or pointers to malicious websites. Microsoft does \nnot distribute security updates via email. \n\nThe Microsoft Security Response Center (MSRC) uses PGP to digitally \nsign all security notifications. However, PGP is not required for \nreading security notifications, reading security bulletins, or \ninstalling security updates. You can obtain the MSRC public PGP key\nat \u003chttps://technet.microsoft.com/security/dn753714\u003e. \n\n********************************************************************\nTHE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS\nPROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. MICROSOFT\nDISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING\nTHE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. \nIN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE\nLIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,\nINCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL\nDAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN\nADVISED OF THE POSSIBILITY OF SUCH DAMAGES. \nSOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY\nFOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING\nLIMITATION MAY NOT APPLY. \n********************************************************************\n\nMicrosoft respects your privacy. Please read our online Privacy\nStatement at \u003chttp://go.microsoft.com/fwlink/?LinkId=81184\u003e. \n\nIf you would prefer not to receive future technical security\nnotification alerts by email from Microsoft and its family of\ncompanies please visit the following website to unsubscribe:\n\u003chttps://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar\nd.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e\u0026%3blcid=1033\u003e. \n\nThese settings will not affect any newsletters youave requested or\nany mandatory service communications that are considered part of\ncertain Microsoft services. \n\nFor legal Information, see:\n\u003chttp://www.microsoft.com/info/legalinfo/default.mspx\u003e. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2018:0379-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:0379\nIssue date: 2018-03-01\nCVE Names: CVE-2018-0764 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and\nrh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and includes a CLR implementation. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0764\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://github.com/dotnet/announcements/issues/52\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFal5nzXlSAg2UNWIIRAldoAKCOs8K/QXdtegDgV9D0EbgK5f8dpgCfdT/D\nhhk5BDNc5IZlJ+doPAaUxt4=\n=Pz4Z\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2018-0764" }, { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "BID", "id": "102387" }, { "db": "PACKETSTORM", "id": "146116" }, { "db": "PACKETSTORM", "id": "146617" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-0764", "trust": 2.9 }, { "db": "BID", "id": "102387", "trust": 1.9 }, { "db": "SECTRACK", "id": "1040152", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2018-001243", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201801-407", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "146116", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146617", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "102387" }, { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "PACKETSTORM", "id": "146116" }, { "db": "PACKETSTORM", "id": "146617" }, { "db": "NVD", "id": "CVE-2018-0764" }, { "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "id": "VAR-201801-1150", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.21178882 }, "last_update_date": "2023-12-18T13:52:49.759000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2018-0764 | .NET and .NET Core Denial Of Service Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0764" }, { "title": "CVE-2018-0764 | .NET \u304a\u3088\u3073 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-0764" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001243" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-19", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "NVD", "id": "CVE-2018-0764" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.securityfocus.com/bid/102387" }, { "trust": 1.9, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0764" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2018:0379" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1040152" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0764" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0764" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2018/at180002.html" }, { "trust": 0.3, "url": "https://github.com/powershell/announcements/issues/2" }, { "trust": 0.3, "url": "http://www.microsoft.com/net/" }, { "trust": 0.3, "url": "http://www.microsoft.com" }, { "trust": 0.1, "url": "http://www.microsoft.com/info/legalinfo/default.mspx\u003e." }, { "trust": 0.1, "url": "http://go.microsoft.com/fwlink/?linkid=81184\u003e." }, { "trust": 0.1, "url": "https://github.com/powershell/announcements" }, { "trust": 0.1, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/" }, { "trust": 0.1, "url": "https://technet.microsoft.com/security/dn753714\u003e." }, { "trust": 0.1, "url": "https://profile.microsoft.com/regsysprofilecenter/subscriptionwizar" }, { "trust": 0.1, "url": "https://github.com/dotnet/announcements/issues/52" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-0764" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" } ], "sources": [ { "db": "BID", "id": "102387" }, { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "PACKETSTORM", "id": "146116" }, { "db": "PACKETSTORM", "id": "146617" }, { "db": "NVD", "id": "CVE-2018-0764" }, { "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "102387" }, { "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "db": "PACKETSTORM", "id": "146116" }, { "db": "PACKETSTORM", "id": "146617" }, { "db": "NVD", "id": "CVE-2018-0764" }, { "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-09T00:00:00", "db": "BID", "id": "102387" }, { "date": "2018-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "date": "2018-01-26T13:13:13", "db": "PACKETSTORM", "id": "146116" }, { "date": "2018-03-01T23:24:00", "db": "PACKETSTORM", "id": "146617" }, { "date": "2018-01-10T01:29:00.197000", "db": "NVD", "id": "CVE-2018-0764" }, { "date": "2018-01-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-29T08:00:00", "db": "BID", "id": "102387" }, { "date": "2018-02-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001243" }, { "date": "2021-08-12T17:19:05.447000", "db": "NVD", "id": "CVE-2018-0764" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-407" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-407" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft .NET Framework and .NET Core Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001243" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-407" } ], "trust": 0.6 } }
rhsa-2018_0379
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": ".NET Core is a managed software framework. It implements a subset of the .NET framework APIs and includes a CLR implementation.\n\nNew versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.9, 1.1.6, and 2.0.5.\n\nSecurity Fix(es):\n\n* .NET Core: Improper processing of XML documents can cause a denial of service (CVE-2018-0764)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:0379", "url": "https://access.redhat.com/errata/RHSA-2018:0379" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/52", "url": "https://github.com/dotnet/announcements/issues/52" }, { "category": "external", "summary": "1533730", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533730" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0379.json" } ], "title": "Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security update", "tracking": { "current_release_date": "2024-11-05T20:24:15+00:00", "generator": { "date": "2024-11-05T20:24:15+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2018:0379", "initial_release_date": "2018-03-01T07:51:11+00:00", "revision_history": [ { "date": "2018-03-01T07:51:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-03-01T07:51:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:24:15+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:2.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:2.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:2.0::el7" } } } ], "category": "product_family", "name": ".NET Core on Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "product": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "product_id": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore@1.0.9-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "product": { "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "product_id": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore-debuginfo@1.0.9-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "product": { "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "product_id": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore-debuginfo@1.1.6-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "product": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "product_id": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore@1.1.6-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "product": { "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "product_id": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet-debuginfo@2.0.5-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64", "product": { "name": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64", "product_id": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet-sdk-2.1@2.1.4-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "product": { "name": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "product_id": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet-host@2.0.5-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "product": { "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "product_id": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet-runtime-2.0@2.0.5-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "product": { "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "product_id": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet@2.0.5-1.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "product": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "product_id": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore@1.0.9-1.el7?arch=src" } } }, { "category": "product_version", "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "product": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "product_id": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore@1.1.6-1.el7?arch=src" } } }, { "category": "product_version", "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "product": { "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "product_id": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet@2.0.5-1.el7?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src" }, "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "relates_to_product_reference": "7ComputeNode-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64" }, "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64" }, "product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src" }, "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "relates_to_product_reference": "7ComputeNode-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64" }, "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64" }, "product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src" }, "product_reference": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "relates_to_product_reference": "7ComputeNode-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src" }, "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "relates_to_product_reference": "7Server-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64" }, "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64" }, "product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src" }, "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "relates_to_product_reference": "7Server-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64" }, "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64" }, "product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src" }, "product_reference": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "relates_to_product_reference": "7Server-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src" }, "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "relates_to_product_reference": "7Workstation-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64" }, "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64" }, "product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src" }, "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "relates_to_product_reference": "7Workstation-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64" }, "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64" }, "product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src" }, "product_reference": "rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "relates_to_product_reference": "7Workstation-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-0764", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1533730" } ], "notes": [ { "category": "description", "text": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765.", "title": "Vulnerability description" }, { "category": "summary", "text": "Core: Improper processing of XML documents can cause a denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-0764" }, { "category": "external", "summary": "RHBZ#1533730", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533730" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0764", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0764" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0764", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0764" } ], "release_date": "2017-11-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-01T07:51:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0379" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.src", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.9-1.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.9-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.src", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.6-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.6-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.src", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.1-0:2.1.4-1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Core: Improper processing of XML documents can cause a denial of service" } ] }
ghsa-rr3c-f55v-qhv5
Vulnerability from github
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.
{ "affected": [ { "package": { "ecosystem": "NuGet", "name": "System.Security.Cryptography.Xml" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "4.4.2" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2018-0764" ], "database_specific": { "cwe_ids": [], "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:55:37Z", "nvd_published_at": "2018-01-10T01:29:00Z", "severity": "HIGH" }, "details": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765.", "id": "GHSA-rr3c-f55v-qhv5", "modified": "2022-04-27T19:25:26Z", "published": "2018-10-16T17:34:00Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0764" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:0379" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-rr3c-f55v-qhv5" }, { "type": "WEB", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/102387" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1040152" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents" }
gsd-2018-0764
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2018-0764", "description": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765.", "id": "GSD-2018-0764", "references": [ "https://access.redhat.com/errata/RHSA-2018:0379" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-0764" ], "details": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765.", "id": "GSD-2018-0764", "modified": "2023-12-13T01:22:24.307459Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "DATE_PUBLIC": "2018-01-09T00:00:00", "ID": "CVE-2018-0764", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": ".NET Framework and .NET Core", "version": { "version_data": [ { "version_value": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0" } ] } } ] }, "vendor_name": "Microsoft Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "102387", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102387" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764" }, { "name": "RHSA-2018:0379", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0379" }, { "name": "1040152", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040152" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,4.4.2)", "affected_versions": "All versions before 4.4.2", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2021-08-26", "description": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765.", "fixed_versions": [ "4.4.2" ], "identifier": "CVE-2018-0764", "identifiers": [ "GHSA-rr3c-f55v-qhv5", "CVE-2018-0764" ], "not_impacted": "All versions starting from 4.4.2", "package_slug": "nuget/System.Security.Cryptography.Xml", "pubdate": "2018-10-16", "solution": "Upgrade to version 4.4.2 or above.", "title": "Moderate severity vulnerability that affects System.Security.Cryptography.Xml", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-0764", "https://github.com/advisories/GHSA-rr3c-f55v-qhv5" ], "uuid": "f91e42ae-00ff-4df4-8787-1288ccc34982" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2018-0764" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764" }, { "name": "1040152", "refsource": "SECTRACK", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040152" }, { "name": "102387", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102387" }, { "name": "RHSA-2018:0379", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0379" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2021-08-12T17:19Z", "publishedDate": "2018-01-10T01:29Z" } } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.