CVE-2017-0247

Exploit

EPSS 11.12%
Published 12.05.2017 14:29:03
Last modified 20.04.2025 01:37:25
Source secure@microsoft.com
Teams watchlist Login
Open Login

A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Asp.Net Model View Controller Version1.0.0

Microsoft ≫ Asp.Net Model View Controller Version1.0.1

Microsoft ≫ Asp.Net Model View Controller Version1.0.2

Microsoft ≫ Asp.Net Model View Controller Version1.0.3

Microsoft ≫ Asp.Net Model View Controller Version1.1.0

Microsoft ≫ Asp.Net Model View Controller Version1.1.1

Microsoft ≫ Asp.Net Model View Controller Version1.1.2

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Abstractions Version1.0.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Abstractions Version1.0.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Abstractions Version1.0.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Abstractions Version1.0.3 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Abstractions Version1.1.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Abstractions Version1.1.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Abstractions Version1.1.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Apiexplorer Version1.0.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Apiexplorer Version1.0.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Apiexplorer Version1.0.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Apiexplorer Version1.0.3 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Apiexplorer Version1.1.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Apiexplorer Version1.1.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Apiexplorer Version1.1.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Cors Version1.0.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Cors Version1.0.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Cors Version1.0.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Cors Version1.0.3 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Cors Version1.1.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Cors Version1.1.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Cors Version1.1.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Dataannotations Version1.0.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Dataannotations Version1.0.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Dataannotations Version1.0.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Dataannotations Version1.0.3 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Dataannotations Version1.1.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Dataannotations Version1.1.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Dataannotations Version1.1.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Json Version1.0.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Json Version1.0.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Json Version1.0.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Json Version1.0.3 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Json Version1.1.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Json Version1.1.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Json Version1.1.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Xml Version1.0.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Xml Version1.0.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Xml Version1.0.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Xml Version1.0.3 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Xml Version1.1.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Xml Version1.1.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Formatters.Xml Version1.1.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Localization Version1.0.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Localization Version1.0.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Localization Version1.0.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Localization Version1.0.3 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Localization Version1.1.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Localization Version1.1.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Localization Version1.1.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor Version1.0.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor Version1.0.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor Version1.0.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor Version1.0.3 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor Version1.1.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor Version1.1.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor Version1.1.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor.Host Version1.0.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor.Host Version1.0.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor.Host Version1.0.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor.Host Version1.0.3 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor.Host Version1.1.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor.Host Version1.1.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Razor.Host Version1.1.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Taghelpers Version1.0.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Taghelpers Version1.0.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Taghelpers Version1.0.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Taghelpers Version1.0.3 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Taghelpers Version1.1.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Taghelpers Version1.1.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Taghelpers Version1.1.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Viewfeatures Version1.0.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Viewfeatures Version1.0.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Viewfeatures Version1.0.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Viewfeatures Version1.0.3 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Viewfeatures Version1.1.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Viewfeatures Version1.1.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Viewfeatures Version1.1.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Webapicompatshim Version1.0.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Webapicompatshim Version1.0.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Webapicompatshim Version1.0.2 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Webapicompatshim Version1.0.3 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Webapicompatshim Version1.1.0 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Webapicompatshim Version1.1.1 SwPlatformasp.net

Microsoft ≫ Microsoft.Aspnetcore.Mvc.Webapicompatshim Version1.1.2 SwPlatformasp.net

Microsoft ≫ System.Net.Http Version4.1.1 SwPlatformasp.net

Microsoft ≫ System.Net.Http Version4.3.1 SwPlatformasp.net

Microsoft ≫ System.Net.Http.Winhttphandler Version4.0.1 SwPlatformasp.net

Microsoft ≫ System.Net.Http.Winhttphandler Version4.3.0 SwPlatformasp.net

Microsoft ≫ System.Net.Security Version4.0.0 SwPlatformasp.net

Microsoft ≫ System.Net.Security Version4.3.0 SwPlatformasp.net

Microsoft ≫ System.Net.Websockets.Client Version4.0.0 SwPlatformasp.net

Microsoft ≫ System.Net.Websockets.Client Version4.3.0 SwPlatformasp.net

Microsoft ≫ System.Text.Encodings.Web Version4.0.0 SwPlatformasp.net

Microsoft ≫ System.Text.Encodings.Web Version4.3.0 SwPlatformasp.net

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	11.12%	0.928

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/aspnet/Announcements/issues/239

Third Party Advisory

Technical Description

https://technet.microsoft.com/en-us/library/security/4021279.aspx

Patch

Vendor Advisory

https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2017-0247

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-0247

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-0247

EUVD