Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2017-0248

Published: 12/05/2017 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Microsoft

Vulnerability Summary

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an malicious user to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft .net framework 4.6.2

microsoft .net framework 4.7

microsoft .net framework 2.0

microsoft .net framework 3.5

microsoft .net framework 4.6

microsoft .net framework 4.6.1

microsoft .net framework 3.5.1

microsoft .net framework 4.5.2

Github Repositories

https://github.com/shiftingleft/dotnet-scm-test

DotNetTest A minimal C# application that deliberately references NuGet packages with known vulnerabilities While the following components are included as references in the project file DotNetTestcsproj, the only file containing code, Programcs, does not reference any of these vulnerable components Components referenced Component ID Version Highest CVSS Score CVE ID(s)

https://github.com/SimonCropp/OssIndexClient

A .net client for OSSIndex (https://ossindex.sonatype.org/)

OssIndexClient A net client for OSSIndex (ossindexsonatypeorg/) See Milestones for release notes NuGet package nugetorg/packages/OssIndexClient/ Usage Getting a report using var ossIndexClient = new OssIndex(); var report = await ossIndexClientGetReport( new( ecoSystem: EcoSystemnuget, name: "SystemNetHttp", ve

Recent Articles

It's 2017 and Windows PCs are being owned by EPS files, webpages
The Register • Shaun Nichols in San Francisco • 09 May 2017

Get patching ASAP as exploits are being used in the wild – and fix Adobe stuff, too

Microsoft has today published patches for more than 50 security flaws in its products – including three serious holes being exploited right now in the wild. These updates should be applied as soon as possible. The May edition of Patch Tuesday addresses blunders in Internet Explorer, Edge, Windows, Office, and the .NET Framework. In total, 55 bugs have been squashed, including 17 that have been rated as critical security risks. Of the three bad bugs being actively exploited in the wild, two can...

Read more...

References

CWE-295https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0248http://www.securityfocus.com/bid/98117http://www.securitytracker.com/id/1038458https://nvd.nist.govhttps://github.com/shiftingleft/dotnet-scm-testhttps://github.com/SimonCropp/OssIndexClienthttps://www.theregister.co.uk/2017/05/09/may_2017_ms_patch_tuesday/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook