Published: 15/11/2017 Updated: 16/04/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated malicious user to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft aspnetcore 1.1
microsoft aspnetcore 2.0
microsoft aspnetcore 1.0

Synopsis Low: NET Core security update Type/Severity Security Advisory: Low Topic A security update for NET Core on RHEL is now availableRed Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...

NET Core 10, 11, and 20 allow an unauthenticated attacker to remotely cause a denial of service attack against a NET Core web application by improperly parsing certificate data A denial of service vulnerability exists when NET Core improperly handles parsing certificate data, aka "NET CORE Denial Of Service Vulnerability" ...

CWE-295 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770 http://www.securitytracker.com/id/1039787 http://www.securityfocus.com/bid/101710 https://access.redhat.com/errata/RHSA-2017:3248 https://access.redhat.com/errata/RHSA-2017:3248 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-11770

CVE-2017-11770

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect