7.5

CVE-2017-11770

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftAspnetcore Version1.0
MicrosoftAspnetcore Version1.1
MicrosoftAspnetcore Version2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.42% 0.917
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://access.redhat.com/errata/RHSA-2017:3248
Third Party Advisory
http://www.securityfocus.com/bid/101710
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039787
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770
Patch
Vendor Advisory