Search criteria
66 vulnerabilities found for ASP.NET Core by Microsoft
VAR-202310-0175
Vulnerability from variot - Updated: 2025-12-22 22:37The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. The updated image includes new features and bug fixes.
It contains the following bug fixes and changes:
-
Previously, Red Hat OpenShift Container Platform customers using the downloaded manifest bundle with automatic upgrades enabled found that Sensor did not automatically upgrade, and failed with a
PRE_FLIGHT_CHECKS_FAILEDerror. This issue has been fixed. (ROX-19955) -
RHACS 4.2.2 includes a new default policy called \"Rapid Reset: Denial of Service Vulnerability in HTTP/2 Protocol\". This policy alerts on deployments with images containing components that are susceptible to a Denial of Service (DoS) vulnerability for HTTP/2 servers, based on CVE-2023-44487 and CVE-2023-39325. This policy applies to the build or deploy life cycle stage.
Description:
This asynchronous patch is a security update zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.13. ========================================================================== Ubuntu Security Notice USN-6438-2 October 25, 2023
.Net regressions
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
Summary:
An incomplete fix was discovered in .Net.
Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime
Details:
USN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix for CVE-2023-36799 was incomplete. This update fixes the problem.
Original advisory details:
Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-36799)
It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-44487)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: aspnetcore-runtime-6.0 6.0.124-0ubuntu1~23.10.1 aspnetcore-runtime-7.0 7.0.113-0ubuntu1~23.10.1 dotnet-host 6.0.124-0ubuntu1~23.10.1 dotnet-host-7.0 7.0.113-0ubuntu1~23.10.1 dotnet-hostfxr-6.0 6.0.124-0ubuntu1~23.10.1 dotnet-hostfxr-7.0 7.0.113-0ubuntu1~23.10.1 dotnet-runtime-6.0 6.0.124-0ubuntu1~23.10.1 dotnet-runtime-7.0 7.0.113-0ubuntu1~23.10.1 dotnet-sdk-6.0 6.0.124-0ubuntu1~23.10.1 dotnet-sdk-7.0 7.0.113-0ubuntu1~23.10.1 dotnet6 6.0.124-0ubuntu1~23.10.1 dotnet7 7.0.113-0ubuntu1~23.10.1
In general, a standard system update will make all the necessary changes.
The following data is constructed from data provided by Red Hat's json file at:
https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5896.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
==================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.12.40 bug fix and security update Advisory ID: RHSA-2023:5896-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:5896 Issue date: 2023-10-25 Revision: 01 CVE Names: CVE-2023-44487 ====================================================================
Summary:
Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.12.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.40. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2023:5898
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html
Security Fix(es):
- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html
Solution:
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html
CVEs:
CVE-2023-44487
References:
https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5522-1 security@debian.org https://www.debian.org/security/ Markus Koschany October 10, 2023 https://www.debian.org/security/faq
Package : tomcat9 CVE ID : CVE-2023-24998 CVE-2023-41080 CVE-2023-42795 CVE-2023-44487 CVE-2023-45648
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
CVE-2023-24998
Denial of service. Tomcat uses a packaged renamed copy of Apache Commons
FileUpload to provide the file upload functionality defined in the Jakarta
Servlet specification. Apache Tomcat was, therefore, also vulnerable to the
Commons FileUpload vulnerability CVE-2023-24998 as there was no limit to
the number of request parts processed. This resulted in the possibility of
an attacker triggering a DoS with a malicious upload or series of uploads.
CVE-2023-41080
Open redirect. If the ROOT (default) web application is configured to use
FORM authentication then it is possible that a specially crafted URL could
be used to trigger a redirect to an URL of the attackers choice.
CVE-2023-42795
Information Disclosure. When recycling various internal objects, including
the request and the response, prior to re-use by the next request/response,
an error could cause Tomcat to skip some parts of the recycling process
leading to information leaking from the current request/response to the
next.
CVE-2023-44487
DoS caused by HTTP/2 frame overhead (Rapid Reset Attack)
CVE-2023-45648
Request smuggling. Tomcat did not correctly parse HTTP trailer headers. A
specially crafted, invalid trailer header could cause Tomcat to treat a
single request as multiple requests leading to the possibility of request
smuggling when behind a reverse proxy.
For the oldstable distribution (bullseye), these problems have been fixed in version 9.0.43-2~deb11u7.
We recommend that you upgrade your tomcat9 packages.
For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat9
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUlyBRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRBnhAAk1o0EDLnX1zaS0Xnz9jybhd9XdXat1HwZXvV3XFRGVXu5+r2bKH+KQjU 0GJ6koP3KDt10DrI8DzOq+9Msu0/TbPYAZKDHPjPYfcUqXRmwRrvTXtq5cbR5v3+ JxgJhiqjQYb1DYiDLC5iU+6aryrZg2ma1i81lG5v8N1TDfaCHzbZiMpyeYEABkd7 eKX3tzngoK9UaIgYVBxrjnM9bPRWnRFJRBMu/hs4VS6gxqzAaZT72Tcaf0Vf3t1s Es5IMgrhBC0Q2Amlm3N5z37p0nlhnJdNC3dAHetRCy92g9/KsjB/1BZfYY7rM8wV WwvB5WwQ0T4eRqKmc8yY86sUdfXkhPqz1oFDbnNgxtBjMm2z/of9pNEm+2NCpv9P 3MpCIKsEWiGH8+uleGuFhAHoWeUYjDNJjH1di6+PYZoBaEJ8eiXct/THBt/0nvFR Nh6AFDqi1Hi5/GdPK71eFRDsXOwgSuRg1ZRJtJP1W/dYEiczP89l0CM04PwxEAn2 dbE2ZCUQmIzQdng4OAHt+ze+QDini4HtoRJnQHq4P/QUIEQAE9C0hOIMMnrtpqIY A77Qa1bBVqDgLlhvSmpSrVigmfyXSpmtfc9G0KXcq5IAvr75jZ0PNuIk/VTyklYj e3g3nA1rbB1jlx6cvPqWBFItXW8800mJ0CXHb8EN8jKdB5BnooY= =6KYM -----END PGP SIGNATURE----- .
Description:
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-0175",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "node healthcheck operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "secure dynamic attributes connector",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2.0"
},
{
"model": "varnish cache",
"scope": "lt",
"trust": 1.0,
"vendor": "varnish cache",
"version": "2023-10-10"
},
{
"model": "decision manager",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "nginx plus",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "r29"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "build of quarkus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "netty",
"scope": "lt",
"trust": 1.0,
"vendor": "netty",
"version": "4.1.100"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "cost management",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.2\\(7\\)"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "kong gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "konghq",
"version": "3.4.2"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "prime network registrar",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.2"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "openshift virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "big-ip domain name system",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "nginx ingress controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "3.0.0"
},
{
"model": "integration camel k",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "integration service registry",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "migration toolkit for applications",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "solr",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.4.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "iot field network director",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.11.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "openshift distributed tracing",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6"
},
{
"model": "cbl-mariner",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2023-10-11"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.23"
},
{
"model": "big-ip next",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "20.0.1"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "16.2"
},
{
"model": "unified contact center enterprise - live data server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.6.2"
},
{
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(5\\)"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "caddy",
"scope": "lt",
"trust": 1.0,
"vendor": "caddyserver",
"version": "2.7.5"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "expressway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "x14.3.3"
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "nghttp2",
"scope": "lt",
"trust": 1.0,
"vendor": "nghttp2",
"version": "1.57.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "openshift pipelines",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "unified contact center domain manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "12.0.0"
},
{
"model": "openshift secondary scheduler operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "16.1"
},
{
"model": "grpc",
"scope": "gte",
"trust": 1.0,
"vendor": "grpc",
"version": "1.58.0"
},
{
"model": "swiftnio http\\/2",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "1.28.0"
},
{
"model": "openshift dev spaces",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "windows 10 21h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19044.3570"
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "opensearch data prepper",
"scope": "lt",
"trust": 1.0,
"vendor": "amazon",
"version": "2.5.0"
},
{
"model": "telepresence video communication server",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "x14.3.3"
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "advanced cluster security",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "business process automation",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2.003.009"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "enterprise chat and email",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "linkerd",
"scope": "lte",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.12.5"
},
{
"model": "service interconnect",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "machine deletion remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.7.5"
},
{
"model": "windows 11 21h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.22000.2538"
},
{
"model": "traefik",
"scope": "eq",
"trust": 1.0,
"vendor": "traefik",
"version": "3.0.0"
},
{
"model": "single sign-on",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ios xr",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.11.2"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "10.0.0"
},
{
"model": "ultra cloud core - serving gateway function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.02.0"
},
{
"model": "secure malware analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.19.2"
},
{
"model": "self node remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.80"
},
{
"model": "nx-os",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "10.4\\(1\\)"
},
{
"model": "cryostat",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "nginx plus",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "r29"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "20.8.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "38"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "11.0.0"
},
{
"model": "grpc",
"scope": "lte",
"trust": 1.0,
"vendor": "grpc",
"version": "1.59.2"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "openshift api for data protection",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip global traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "integration camel for spring boot",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "istio",
"scope": "gte",
"trust": 1.0,
"vendor": "istio",
"version": "1.18.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "support for spring boot",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "prime infrastructure",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10.4"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.93"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "nginx plus",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "r25"
},
{
"model": "web terminal",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "nx-os",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "10.4\\(2\\)"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "ceph storage",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "proxygen",
"scope": "lt",
"trust": 1.0,
"vendor": "facebook",
"version": "2023.10.16.00"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "nx-os",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "firepower threat defense",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.4.2"
},
{
"model": "traffic server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.2.3"
},
{
"model": "istio",
"scope": "gte",
"trust": 1.0,
"vendor": "istio",
"version": "1.19.0"
},
{
"model": "http2",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "0.17.0"
},
{
"model": "windows 10 1607",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.14393.6351"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "crosswork zero touch provisioning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "windows server 2016",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "node maintenance operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "networking",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "0.17.0"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.14.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "grpc",
"scope": "eq",
"trust": 1.0,
"vendor": "grpc",
"version": "1.57.0"
},
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.12"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "run once duration override operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip next service proxy for kubernetes",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.8.2"
},
{
"model": "grpc",
"scope": "lt",
"trust": 1.0,
"vendor": "grpc",
"version": "1.56.3"
},
{
"model": "windows 10 22h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.19045.3570"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "10.1.13"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.7"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "advanced cluster management for kubernetes",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "advanced cluster security",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "openresty",
"scope": "lt",
"trust": 1.0,
"vendor": "openresty",
"version": "1.21.4.3"
},
{
"model": "big-ip carrier-grade nat",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "windows 10 1809",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.17763.4974"
},
{
"model": "prime cable provisioning",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.1"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.14.1"
},
{
"model": "service telemetry framework",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.5"
},
{
"model": "windows server 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "crosswork data gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0.0"
},
{
"model": "jboss fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "contour",
"scope": "lt",
"trust": 1.0,
"vendor": "projectcontour",
"version": "2023-10-11"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "traffic server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.1.9"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "nginx plus",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "r30"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "grpc",
"scope": "lt",
"trust": 1.0,
"vendor": "grpc",
"version": "1.58.3"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "certification for red hat enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.17.6"
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "data center network manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "openshift sandboxed containers",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "jenkins",
"scope": "lte",
"trust": 1.0,
"vendor": "jenkins",
"version": "2.427"
},
{
"model": "big-ip ssl orchestrator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "jboss data grid",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "20.0.0"
},
{
"model": "azure kubernetes service",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2023-10-08"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "9.4.53"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "process automation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.5"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "logging subsystem for red hat openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.24.10"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.27.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "crosswork situation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "ultra cloud core - policy control function",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.01.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.18.3"
},
{
"model": "connected mobile experiences",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "istio",
"scope": "lt",
"trust": 1.0,
"vendor": "istio",
"version": "1.19.1"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.0"
},
{
"model": "jboss a-mq streams",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.18.2"
},
{
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "crosswork data gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "5.0.2"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "10.0.17"
},
{
"model": "jboss fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0.0"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "10.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "12.0.2"
},
{
"model": "3scale api management platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "ansible automation platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "go",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "1.21.3"
},
{
"model": "traefik",
"scope": "lt",
"trust": 1.0,
"vendor": "traefik",
"version": "2.10.5"
},
{
"model": "openshift gitops",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.12"
},
{
"model": "go",
"scope": "gte",
"trust": 1.0,
"vendor": "golang",
"version": "1.21.0"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "11.0.17"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.25.2"
},
{
"model": "windows server 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.23"
},
{
"model": "jboss a-mq",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2.20"
},
{
"model": "nginx ingress controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "2.0.0"
},
{
"model": "ultra cloud core - session management function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.02.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip websafe",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "ultra cloud core - policy control function",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2024.01.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "openstack platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "17.1"
},
{
"model": "network observability operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4.12"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.0.0"
},
{
"model": "http",
"scope": "eq",
"trust": 1.0,
"vendor": "ietf",
"version": "2.0"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "crosswork data gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "openshift developer tools and services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.26.4"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "fence agents remediation operator",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "http2",
"scope": "lt",
"trust": 1.0,
"vendor": "kazu yamamoto",
"version": "4.2.2"
},
{
"model": "ios xe",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "17.15.1"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip next service proxy for kubernetes",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.5.0"
},
{
"model": "big-ip application visibility and reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "fog director",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.22"
},
{
"model": "certification for red hat enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"model": "go",
"scope": "lt",
"trust": 1.0,
"vendor": "golang",
"version": "1.20.10"
},
{
"model": "migration toolkit for virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip ssl orchestrator",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "prime access registrar",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3.3"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "windows 11 22h2",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "10.0.22621.2428"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "cert-manager operator for red hat openshift",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "migration toolkit for containers",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip carrier-grade nat",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "big-ip websafe",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "openshift data science",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "h2o",
"scope": "lt",
"trust": 1.0,
"vendor": "dena",
"version": "2023-10-10"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "big-ip ddos hybrid defender",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "nginx ingress controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "2.4.2"
},
{
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "akka",
"version": "10.5.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.5"
},
{
"model": "big-ip ssl orchestrator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.13.1"
},
{
"model": "jenkins",
"scope": "lte",
"trust": 1.0,
"vendor": "jenkins",
"version": "2.414.2"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "linkerd",
"scope": "eq",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.13.0"
},
{
"model": "big-ip carrier-grade nat",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "openshift container platform assisted installer",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "big-ip application visibility and reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.5"
},
{
"model": "astra control center",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "secure web appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "15.1.0"
},
{
"model": "envoy",
"scope": "eq",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.25.9"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "big-ip websafe",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "apisix",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "3.6.1"
},
{
"model": "openshift serverless",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4"
},
{
"model": "nginx ingress controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "3.3.0"
},
{
"model": "armeria",
"scope": "lt",
"trust": 1.0,
"vendor": "linecorp",
"version": "1.26.0"
},
{
"model": "unified contact center management portal",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "11.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip advanced web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.0"
},
{
"model": "build of optaplanner",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.4"
},
{
"model": "linkerd",
"scope": "gte",
"trust": 1.0,
"vendor": "linkerd",
"version": "2.12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "12.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "175298"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "175325"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175172"
},
{
"db": "PACKETSTORM",
"id": "175970"
}
],
"trust": 0.7
},
"cve": "CVE-2023-44487",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-44487",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-44487",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-44487",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. The updated image includes new features and bug fixes. \n\nIt contains the following bug fixes and changes:\n\n* Previously, Red Hat OpenShift Container Platform customers using the downloaded manifest bundle with automatic upgrades enabled found that Sensor did not automatically upgrade, and failed with a `PRE_FLIGHT_CHECKS_FAILED` error. This issue has been fixed. (ROX-19955)\n\n* RHACS 4.2.2 includes a new default policy called \\\"Rapid Reset: Denial of\nService Vulnerability in HTTP/2 Protocol\\\". This policy alerts on\ndeployments with images containing components that are susceptible to a\nDenial of Service (DoS) vulnerability for HTTP/2 servers, based on\nCVE-2023-44487 and CVE-2023-39325. This policy applies to the build or\ndeploy life cycle stage. \n\n\n\n\nDescription:\n\nThis asynchronous patch is a security update zip for the JBoss EAP XP 4.0.0 runtime distribution for use with EAP 7.4.13. ==========================================================================\nUbuntu Security Notice USN-6438-2\nOctober 25, 2023\n\n.Net regressions\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n\nSummary:\n\nAn incomplete fix was discovered in .Net. \n\nSoftware Description:\n- dotnet6: dotNET CLI tools and runtime\n- dotnet7: dotNET CLI tools and runtime\n\nDetails:\n\nUSN-6438-1 fixed vulnerabilities in .Net. It was discovered that the fix\nfor [CVE-2023-36799](https://ubuntu.com/security/CVE-2023-36799) was incomplete. This update fixes the problem. \n\nOriginal advisory details:\n\n Kevin Jones discovered that .NET did not properly process certain\n X.509 certificates. An attacker could possibly use this issue to\n cause a denial of service. (CVE-2023-36799)\n \n It was discovered that the .NET Kestrel web server did not properly\n handle HTTP/2 requests. A remote attacker could possibly use this\n issue to cause a denial of service. (CVE-2023-44487)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n aspnetcore-runtime-6.0 6.0.124-0ubuntu1~23.10.1\n aspnetcore-runtime-7.0 7.0.113-0ubuntu1~23.10.1\n dotnet-host 6.0.124-0ubuntu1~23.10.1\n dotnet-host-7.0 7.0.113-0ubuntu1~23.10.1\n dotnet-hostfxr-6.0 6.0.124-0ubuntu1~23.10.1\n dotnet-hostfxr-7.0 7.0.113-0ubuntu1~23.10.1\n dotnet-runtime-6.0 6.0.124-0ubuntu1~23.10.1\n dotnet-runtime-7.0 7.0.113-0ubuntu1~23.10.1\n dotnet-sdk-6.0 6.0.124-0ubuntu1~23.10.1\n dotnet-sdk-7.0 7.0.113-0ubuntu1~23.10.1\n dotnet6 6.0.124-0ubuntu1~23.10.1\n dotnet7 7.0.113-0ubuntu1~23.10.1\n\nIn general, a standard system update will make all the necessary changes. \n\nThe following data is constructed from data provided by Red Hat\u0027s json file at:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5896.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.12.40 bug fix and security update\nAdvisory ID: RHSA-2023:5896-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:5896\nIssue date: 2023-10-25\nRevision: 01\nCVE Names: CVE-2023-44487\n====================================================================\n\nSummary: \n\nRed Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.12. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.12.40. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2023:5898\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section. \n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html\n\n\nSolution:\n\nhttps://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html\n\n\n\nCVEs:\n\nCVE-2023-44487\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5522-1 security@debian.org\nhttps://www.debian.org/security/ Markus Koschany\nOctober 10, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat9\nCVE ID : CVE-2023-24998 CVE-2023-41080 CVE-2023-42795 CVE-2023-44487\n CVE-2023-45648\n\nSeveral security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. \n\nCVE-2023-24998\n\n Denial of service. Tomcat uses a packaged renamed copy of Apache Commons\n FileUpload to provide the file upload functionality defined in the Jakarta\n Servlet specification. Apache Tomcat was, therefore, also vulnerable to the\n Commons FileUpload vulnerability CVE-2023-24998 as there was no limit to\n the number of request parts processed. This resulted in the possibility of\n an attacker triggering a DoS with a malicious upload or series of uploads. \n\nCVE-2023-41080\n\n Open redirect. If the ROOT (default) web application is configured to use\n FORM authentication then it is possible that a specially crafted URL could\n be used to trigger a redirect to an URL of the attackers choice. \n\nCVE-2023-42795\n\n Information Disclosure. When recycling various internal objects, including\n the request and the response, prior to re-use by the next request/response,\n an error could cause Tomcat to skip some parts of the recycling process\n leading to information leaking from the current request/response to the\n next. \n\nCVE-2023-44487\n\n DoS caused by HTTP/2 frame overhead (Rapid Reset Attack)\n\nCVE-2023-45648\n\n Request smuggling. Tomcat did not correctly parse HTTP trailer headers. A\n specially crafted, invalid trailer header could cause Tomcat to treat a\n single request as multiple requests leading to the possibility of request\n smuggling when behind a reverse proxy. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 9.0.43-2~deb11u7. \n\nWe recommend that you upgrade your tomcat9 packages. \n\nFor the detailed security status of tomcat9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/tomcat9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUlyBRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeRBnhAAk1o0EDLnX1zaS0Xnz9jybhd9XdXat1HwZXvV3XFRGVXu5+r2bKH+KQjU\n0GJ6koP3KDt10DrI8DzOq+9Msu0/TbPYAZKDHPjPYfcUqXRmwRrvTXtq5cbR5v3+\nJxgJhiqjQYb1DYiDLC5iU+6aryrZg2ma1i81lG5v8N1TDfaCHzbZiMpyeYEABkd7\neKX3tzngoK9UaIgYVBxrjnM9bPRWnRFJRBMu/hs4VS6gxqzAaZT72Tcaf0Vf3t1s\nEs5IMgrhBC0Q2Amlm3N5z37p0nlhnJdNC3dAHetRCy92g9/KsjB/1BZfYY7rM8wV\nWwvB5WwQ0T4eRqKmc8yY86sUdfXkhPqz1oFDbnNgxtBjMm2z/of9pNEm+2NCpv9P\n3MpCIKsEWiGH8+uleGuFhAHoWeUYjDNJjH1di6+PYZoBaEJ8eiXct/THBt/0nvFR\nNh6AFDqi1Hi5/GdPK71eFRDsXOwgSuRg1ZRJtJP1W/dYEiczP89l0CM04PwxEAn2\ndbE2ZCUQmIzQdng4OAHt+ze+QDini4HtoRJnQHq4P/QUIEQAE9C0hOIMMnrtpqIY\nA77Qa1bBVqDgLlhvSmpSrVigmfyXSpmtfc9G0KXcq5IAvr75jZ0PNuIk/VTyklYj\ne3g3nA1rbB1jlx6cvPqWBFItXW8800mJ0CXHb8EN8jKdB5BnooY=\n=6KYM\n-----END PGP SIGNATURE-----\n. \n\n\n\n\nDescription:\n\nVarnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up. \n\n\n\n\nDescription:\n\nNode.js is a software development platform for building fast and scalable network applications in the JavaScript programming language",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
},
{
"db": "PACKETSTORM",
"id": "175298"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "175330"
},
{
"db": "PACKETSTORM",
"id": "175325"
},
{
"db": "PACKETSTORM",
"id": "176035"
},
{
"db": "PACKETSTORM",
"id": "175070"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175172"
},
{
"db": "PACKETSTORM",
"id": "175970"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-44487",
"trust": 2.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/19/6",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/10/6",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/20/8",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/18/4",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/10/7",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/18/8",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/13/4",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/10/13/9",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2025/08/13/6",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "175298",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175330",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175325",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176035",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175070",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175231",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175172",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175970",
"trust": 0.1
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "175298"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "175330"
},
{
"db": "PACKETSTORM",
"id": "175325"
},
{
"db": "PACKETSTORM",
"id": "176035"
},
{
"db": "PACKETSTORM",
"id": "175070"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175172"
},
{
"db": "PACKETSTORM",
"id": "175970"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"id": "VAR-202310-0175",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.384739252
},
"last_update_date": "2025-12-22T22:37:57.843000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"trust": 1.0,
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/"
},
{
"trust": 1.0,
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"trust": 1.0,
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"trust": 1.0,
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"trust": 1.0,
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"trust": 1.0,
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"trust": 1.0,
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"trust": 1.0,
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"trust": 1.0,
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"trust": 1.0,
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"trust": 1.0,
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"trust": 1.0,
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/"
},
{
"trust": 1.0,
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-qppj-fm5r-hxr3"
},
{
"trust": 1.0,
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/"
},
{
"trust": 1.0,
"url": "https://github.com/h2o/h2o/security/advisories/ghsa-2m7v-gc89-fjqf"
},
{
"trust": 1.0,
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"trust": 1.0,
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"trust": 1.0,
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"trust": 1.0,
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#l1101-l1113"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/"
},
{
"trust": 1.0,
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"trust": 1.0,
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"trust": 1.0,
"url": "https://github.com/bcdannyboy/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/"
},
{
"trust": 1.0,
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
},
{
"trust": 1.0,
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"trust": 1.0,
"url": "https://netty.io/news/2023/10/10/4-1-100-final.html"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/"
},
{
"trust": 1.0,
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"trust": 1.0,
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#l73"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/"
},
{
"trust": 1.0,
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/"
},
{
"trust": 1.0,
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-vx74-f528-fxqg"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"trust": 1.0,
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/readme.md?plain=1#l239-l244"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"trust": 1.0,
"url": "https://ubuntu.com/security/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"trust": 1.0,
"url": "https://github.com/golang/go/issues/63417"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/"
},
{
"trust": 1.0,
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/"
},
{
"trust": 1.0,
"url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/"
},
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://github.com/advisories/ghsa-xpw8-rcwv-8f8p"
},
{
"trust": 1.0,
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/"
},
{
"trust": 1.0,
"url": "https://security.paloaltonetworks.com/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"trust": 1.0,
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"trust": 1.0,
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/"
},
{
"trust": 1.0,
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"trust": 1.0,
"url": "https://lists.w3.org/archives/public/ietf-http-wg/2023octdec/0025.html"
},
{
"trust": 1.0,
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"trust": 1.0,
"url": "https://www.phoronix.com/news/http2-rapid-reset-attack"
},
{
"trust": 1.0,
"url": "https://github.com/kong/kong/discussions/11741"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"trust": 1.0,
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/"
},
{
"trust": 1.0,
"url": "https://groups.google.com/g/golang-announce/c/innxdtcjzvo"
},
{
"trust": 1.0,
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"trust": 1.0,
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/"
},
{
"trust": 1.0,
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-october/s36q5hbxr7caimpllprsssyr4pcmwilk.html"
},
{
"trust": 1.0,
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"trust": 1.0,
"url": "https://github.com/arkrwn/poc/tree/main/cve-2023-44487"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/"
},
{
"trust": 1.0,
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/"
},
{
"trust": 1.0,
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"trust": 1.0,
"url": "https://github.com/microsoft/cbl-mariner/pull/6381"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/"
},
{
"trust": 1.0,
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"trust": 1.0,
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/"
},
{
"trust": 1.0,
"url": "https://my.f5.com/manage/s/article/k000137106"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 1.0,
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"trust": 1.0,
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/"
},
{
"trust": 1.0,
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/"
},
{
"trust": 1.0,
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"trust": 1.0,
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"trust": 1.0,
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"trust": 1.0,
"url": "https://github.com/line/armeria/pull/5232"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"trust": 1.0,
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/"
},
{
"trust": 1.0,
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"trust": 1.0,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-http2-reset-d8kf32vz"
},
{
"trust": 1.0,
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"trust": 1.0,
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/"
},
{
"trust": 1.0,
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/"
},
{
"trust": 1.0,
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"trust": 1.0,
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
},
{
"trust": 1.0,
"url": "https://aws.amazon.com/security/security-bulletins/aws-2023-011/"
},
{
"trust": 1.0,
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"trust": 1.0,
"url": "https://github.com/azure/aks/issues/3947"
},
{
"trust": 1.0,
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"trust": 1.0,
"url": "https://tomcat.apache.org/security-10.html#fixed_in_apache_tomcat_10.1.14"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"trust": 1.0,
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-003"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6048.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-39325"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-39325"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:6048"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_security_for_kubernetes/4.2/html/release_notes/release-notes-42"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5978.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/jboss_eap_xp_4.0_upgrade_and_migration_guide/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:6144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6144.json"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/2040208"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6438-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.124-0ubuntu1~23.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/2040207,"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/cve-2023-36799)"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6438-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-36799"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.113-0ubuntu1~23.10.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5896.json"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5896"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2023:5898"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nghttp2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-45648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-41080"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-42795"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/tomcat9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-24998"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5924.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:5803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5803.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7481.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:7479"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:7481"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "175298"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "175330"
},
{
"db": "PACKETSTORM",
"id": "175325"
},
{
"db": "PACKETSTORM",
"id": "176035"
},
{
"db": "PACKETSTORM",
"id": "175070"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175172"
},
{
"db": "PACKETSTORM",
"id": "175970"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "175298"
},
{
"db": "PACKETSTORM",
"id": "175273"
},
{
"db": "PACKETSTORM",
"id": "175390"
},
{
"db": "PACKETSTORM",
"id": "175330"
},
{
"db": "PACKETSTORM",
"id": "175325"
},
{
"db": "PACKETSTORM",
"id": "176035"
},
{
"db": "PACKETSTORM",
"id": "175070"
},
{
"db": "PACKETSTORM",
"id": "175231"
},
{
"db": "PACKETSTORM",
"id": "175172"
},
{
"db": "PACKETSTORM",
"id": "175970"
},
{
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-24T15:55:29",
"db": "PACKETSTORM",
"id": "175298"
},
{
"date": "2023-10-23T14:26:48",
"db": "PACKETSTORM",
"id": "175273"
},
{
"date": "2023-10-30T12:35:28",
"db": "PACKETSTORM",
"id": "175390"
},
{
"date": "2023-10-25T13:48:01",
"db": "PACKETSTORM",
"id": "175330"
},
{
"date": "2023-10-25T13:46:22",
"db": "PACKETSTORM",
"id": "175325"
},
{
"date": "2023-12-04T13:45:34",
"db": "PACKETSTORM",
"id": "176035"
},
{
"date": "2023-10-11T16:46:58",
"db": "PACKETSTORM",
"id": "175070"
},
{
"date": "2023-10-20T14:32:43",
"db": "PACKETSTORM",
"id": "175231"
},
{
"date": "2023-10-18T16:26:02",
"db": "PACKETSTORM",
"id": "175172"
},
{
"date": "2023-11-29T12:44:32",
"db": "PACKETSTORM",
"id": "175970"
},
{
"date": "2023-10-10T14:15:10.883000",
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-11-07T19:00:41.810000",
"db": "NVD",
"id": "CVE-2023-44487"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "175330"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2023-6048-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "175298"
}
],
"trust": 0.1
}
}
VAR-202308-2021
Vulnerability from variot - Updated: 2025-12-22 22:11.NET and Visual Studio Denial of Service Vulnerability. ========================================================================== Ubuntu Security Notice USN-6278-2 August 10, 2023
dotnet6, dotnet7 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in .NET.
Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime
Details:
USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. (CVE-2023-35390)
Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-38178)
It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-38180)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.121-0ubuntu1~22.04.1 aspnetcore-runtime-7.0 7.0.110-0ubuntu1~22.04.1 dotnet-host 6.0.121-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.110-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.121-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.110-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.121-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.110-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.121-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.110-0ubuntu1~22.04.1 dotnet6 6.0.121-0ubuntu1~22.04.1 dotnet7 7.0.110-0ubuntu1~22.04.1
In general, a standard system update will make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64
-
9) - aarch64, s390x, x86_64
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-dotnet60-dotnet security, bug fix, and enhancement update Advisory ID: RHSA-2023:4641-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:4641 Issue date: 2023-08-14 CVE Names: CVE-2023-35390 CVE-2023-38180 =====================================================================
- Summary:
An update for rh-dotnet60-dotnet is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21.
Security Fix(es):
-
dotnet: RCE under dotnet commands (CVE-2023-35390)
-
dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack 2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet60-dotnet-6.0.121-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.121-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet60-dotnet-6.0.121-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.121-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet60-dotnet-6.0.121-1.el7_9.src.rpm
x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.121-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2023-35390 https://access.redhat.com/security/cve/CVE-2023-38180 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCAAGBQJk2ox4AAoJENzjgjWX9erEzm4P/j9KGuwQcPYINF/hHv894DBB jd4ssZNnb1cmEPcILEnWbjpj3Tye/4C1TFMP4Gwk8iYCks7XB3OhkUxoOnmH5AL+ yNSTTkFTDwHtPDVHnfxrEb5mBi5xPGowh3BTcxI5T1IcQD6Iq22PK4kul35oB1JA ONxq0IJAjGosZE097ZLzI5wDYriW7j4ztYpj7bb17PeB8hi+DM3+xFGsQF/bEzco cabRwo9sqeUc3g9UMs4BptqwIIFYBawimos9EHxnW+VWPrA/xxvdnMV3k9E9t/35 OiLuG8U6oxxE+s3AZkAABNPVLK0w8xdTCgSce0hrK90o/BuSPEMqEpDV/uyQ3YWT MflES8m3hUk2Dn54u0oIeugEy/19mNxGm59LSVEC6v/KpUz8dIaNmHQN+/m9vFKH CGCcqxBYhsv7V4Khm6KFL1TjJqx2PqVGBlIjzAOEl6N1f3ZYROYIWlbrh4F3u2yB 9hPXsGNqBak+Tjqtsxz/NmADsHU2vD99u3O5OUTzxEvt4QBUq9ccfRB8C4j47mcR Sd9y3aT9D/aYRfTFTUfdaLFr5acKBQzskH4eDmBWin0nJFNRCa71dq1kHbywTRqA 1UF98WUX3ERSEkqPb2uSpg0u7/OUD5VjYxFwH5yHk0KuSi/54G88bEUDR0OyK/zY /2tvafvaLc1Di9EP6HOd =uint -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2021",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6.0"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6.6"
},
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.10"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2.18"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1.40"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2.0"
},
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.21"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "38"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4.10"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.2"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.4"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "asp.net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002799"
},
{
"db": "NVD",
"id": "CVE-2023-38180"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "174181"
},
{
"db": "PACKETSTORM",
"id": "174182"
},
{
"db": "PACKETSTORM",
"id": "174179"
},
{
"db": "PACKETSTORM",
"id": "174168"
},
{
"db": "PACKETSTORM",
"id": "174183"
},
{
"db": "PACKETSTORM",
"id": "174167"
}
],
"trust": 0.6
},
"cve": "CVE-2023-38180",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-38180",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2023-002799",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "secure@microsoft.com",
"id": "CVE-2023-38180",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002799",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002799"
},
{
"db": "NVD",
"id": "CVE-2023-38180"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET and Visual Studio Denial of Service Vulnerability. ==========================================================================\nUbuntu Security Notice USN-6278-2\nAugust 10, 2023\n\ndotnet6, dotnet7 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in .NET. \n\nSoftware Description:\n- dotnet6: dotNET CLI tools and runtime\n- dotnet7: dotNET CLI tools and runtime\n\nDetails:\n\nUSN-6278-1 fixed several vulnerabilities in .NET. This update\nprovides the corresponding updates for Ubuntu 22.04 LTS. \n\nOriginal advisory details:\n\n It was discovered that .NET did properly handle the execution of\n certain commands. An attacker could possibly use this issue to\n achieve remote code execution. (CVE-2023-35390)\n\n Benoit Foucher discovered that .NET did not properly implement the\n QUIC stream limit in HTTP/3. An attacker could possibly use this\n issue to cause a denial of service. (CVE-2023-38178)\n\n It was discovered that .NET did not properly handle the disconnection\n of potentially malicious clients interfacing with a Kestrel server. An\n attacker could possibly use this issue to cause a denial of service. \n (CVE-2023-38180)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n aspnetcore-runtime-6.0 6.0.121-0ubuntu1~22.04.1\n aspnetcore-runtime-7.0 7.0.110-0ubuntu1~22.04.1\n dotnet-host 6.0.121-0ubuntu1~22.04.1\n dotnet-host-7.0 7.0.110-0ubuntu1~22.04.1\n dotnet-hostfxr-6.0 6.0.121-0ubuntu1~22.04.1\n dotnet-hostfxr-7.0 7.0.110-0ubuntu1~22.04.1\n dotnet-runtime-6.0 6.0.121-0ubuntu1~22.04.1\n dotnet-runtime-7.0 7.0.110-0ubuntu1~22.04.1\n dotnet-sdk-6.0 6.0.121-0ubuntu1~22.04.1\n dotnet-sdk-7.0 7.0.110-0ubuntu1~22.04.1\n dotnet6 6.0.121-0ubuntu1~22.04.1\n dotnet7 7.0.110-0ubuntu1~22.04.1\n\nIn general, a standard system update will make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. 9) - aarch64, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-dotnet60-dotnet security, bug fix, and enhancement update\nAdvisory ID: RHSA-2023:4641-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:4641\nIssue date: 2023-08-14\nCVE Names: CVE-2023-35390 CVE-2023-38180 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-dotnet60-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 6.0.121 and .NET Runtime\n6.0.21. \n\nSecurity Fix(es):\n\n* dotnet: RCE under dotnet commands (CVE-2023-35390)\n\n* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of\nService attack (CVE-2023-38180)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack\n2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.121-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.121-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.121-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.121-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.121-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.121-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2023-35390\nhttps://access.redhat.com/security/cve/CVE-2023-38180\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCAAGBQJk2ox4AAoJENzjgjWX9erEzm4P/j9KGuwQcPYINF/hHv894DBB\njd4ssZNnb1cmEPcILEnWbjpj3Tye/4C1TFMP4Gwk8iYCks7XB3OhkUxoOnmH5AL+\nyNSTTkFTDwHtPDVHnfxrEb5mBi5xPGowh3BTcxI5T1IcQD6Iq22PK4kul35oB1JA\nONxq0IJAjGosZE097ZLzI5wDYriW7j4ztYpj7bb17PeB8hi+DM3+xFGsQF/bEzco\ncabRwo9sqeUc3g9UMs4BptqwIIFYBawimos9EHxnW+VWPrA/xxvdnMV3k9E9t/35\nOiLuG8U6oxxE+s3AZkAABNPVLK0w8xdTCgSce0hrK90o/BuSPEMqEpDV/uyQ3YWT\nMflES8m3hUk2Dn54u0oIeugEy/19mNxGm59LSVEC6v/KpUz8dIaNmHQN+/m9vFKH\nCGCcqxBYhsv7V4Khm6KFL1TjJqx2PqVGBlIjzAOEl6N1f3ZYROYIWlbrh4F3u2yB\n9hPXsGNqBak+Tjqtsxz/NmADsHU2vD99u3O5OUTzxEvt4QBUq9ccfRB8C4j47mcR\nSd9y3aT9D/aYRfTFTUfdaLFr5acKBQzskH4eDmBWin0nJFNRCa71dq1kHbywTRqA\n1UF98WUX3ERSEkqPb2uSpg0u7/OUD5VjYxFwH5yHk0KuSi/54G88bEUDR0OyK/zY\n/2tvafvaLc1Di9EP6HOd\n=uint\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-38180"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002799"
},
{
"db": "PACKETSTORM",
"id": "174089"
},
{
"db": "PACKETSTORM",
"id": "174134"
},
{
"db": "PACKETSTORM",
"id": "174181"
},
{
"db": "PACKETSTORM",
"id": "174182"
},
{
"db": "PACKETSTORM",
"id": "174179"
},
{
"db": "PACKETSTORM",
"id": "174168"
},
{
"db": "PACKETSTORM",
"id": "174183"
},
{
"db": "PACKETSTORM",
"id": "174167"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-38180",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU93250330",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-165-04",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002799",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "174089",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174134",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174181",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174182",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174179",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174168",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174183",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174167",
"trust": 0.1
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "174089"
},
{
"db": "PACKETSTORM",
"id": "174134"
},
{
"db": "PACKETSTORM",
"id": "174181"
},
{
"db": "PACKETSTORM",
"id": "174182"
},
{
"db": "PACKETSTORM",
"id": "174179"
},
{
"db": "PACKETSTORM",
"id": "174168"
},
{
"db": "PACKETSTORM",
"id": "174183"
},
{
"db": "PACKETSTORM",
"id": "174167"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002799"
},
{
"db": "NVD",
"id": "CVE-2023-38180"
}
]
},
"id": "VAR-202308-2021",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2025-12-22T22:11:03.478000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0and\u00a0Visual\u00a0Studio\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-38180"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002799"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002799"
},
{
"db": "NVD",
"id": "CVE-2023-38180"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38180"
},
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-38180"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cl2l4we5qrt7wexanyxsksu43apc5n2v/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nwvzfktlnmnkpz755emryia6ghfowgky/"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2023-38180"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-35390"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93250330/index.html"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/security-alert/2023/0809-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2023/at230016.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-04"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2023-38180"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2023-35390"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-6278-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38178"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.110-0ubuntu1~23.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.121-0ubuntu1~23.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.121-0ubuntu1~22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.110-0ubuntu1~22.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6278-2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4641"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "174089"
},
{
"db": "PACKETSTORM",
"id": "174134"
},
{
"db": "PACKETSTORM",
"id": "174181"
},
{
"db": "PACKETSTORM",
"id": "174182"
},
{
"db": "PACKETSTORM",
"id": "174179"
},
{
"db": "PACKETSTORM",
"id": "174168"
},
{
"db": "PACKETSTORM",
"id": "174183"
},
{
"db": "PACKETSTORM",
"id": "174167"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002799"
},
{
"db": "NVD",
"id": "CVE-2023-38180"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "174089"
},
{
"db": "PACKETSTORM",
"id": "174134"
},
{
"db": "PACKETSTORM",
"id": "174181"
},
{
"db": "PACKETSTORM",
"id": "174182"
},
{
"db": "PACKETSTORM",
"id": "174179"
},
{
"db": "PACKETSTORM",
"id": "174168"
},
{
"db": "PACKETSTORM",
"id": "174183"
},
{
"db": "PACKETSTORM",
"id": "174167"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002799"
},
{
"db": "NVD",
"id": "CVE-2023-38180"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-09T16:11:58",
"db": "PACKETSTORM",
"id": "174089"
},
{
"date": "2023-08-11T13:26:47",
"db": "PACKETSTORM",
"id": "174134"
},
{
"date": "2023-08-15T15:18:45",
"db": "PACKETSTORM",
"id": "174181"
},
{
"date": "2023-08-15T15:18:59",
"db": "PACKETSTORM",
"id": "174182"
},
{
"date": "2023-08-15T15:17:34",
"db": "PACKETSTORM",
"id": "174179"
},
{
"date": "2023-08-15T14:29:02",
"db": "PACKETSTORM",
"id": "174168"
},
{
"date": "2023-08-15T15:19:13",
"db": "PACKETSTORM",
"id": "174183"
},
{
"date": "2023-08-15T14:28:46",
"db": "PACKETSTORM",
"id": "174167"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002799"
},
{
"date": "2023-08-08T19:15:10.367000",
"db": "NVD",
"id": "CVE-2023-38180"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-17T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2023-002799"
},
{
"date": "2025-10-28T14:10:42.363000",
"db": "NVD",
"id": "CVE-2023-38180"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "174089"
},
{
"db": "PACKETSTORM",
"id": "174134"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Microsoft\u00a0 Service operation interruption in the product \u00a0(DoS)\u00a0 Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002799"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "174089"
},
{
"db": "PACKETSTORM",
"id": "174134"
}
],
"trust": 0.2
}
}
VAR-202510-3116
Vulnerability from variot - Updated: 2025-11-19 23:30Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202510-3116",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.0.21"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.14.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.10.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.14.17"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.10.20"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.0.0"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "9.0.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.12.10"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.12.13"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.3.0"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.3.6"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "9.0.10"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-55315"
}
]
},
"cve": "CVE-2025-55315",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"id": "CVE-2025-55315",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "secure@microsoft.com",
"id": "CVE-2025-55315",
"trust": 1.0,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-55315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inconsistent interpretation of http requests (\u0027http request/response smuggling\u0027) in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-55315"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-55315",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-55315"
}
]
},
"id": "VAR-202510-3116",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2025-11-19T23:30:21.592000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-444",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-55315"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/"
},
{
"trust": 1.0,
"url": "https://gist.github.com/n3mes1s/d0897c13ca199e739ecc2b562f466040"
},
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-55315"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-55315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-55315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-14T17:15:44.960000",
"db": "NVD",
"id": "CVE-2025-55315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-10-28T21:15:37.933000",
"db": "NVD",
"id": "CVE-2025-55315"
}
]
}
}
VAR-202503-2006
Vulnerability from variot - Updated: 2025-08-10 23:32Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202503-2006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.0.14"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.10.12"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.8.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.12.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.13.3"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "9.0.3"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.8.19"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.13.0"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.0.0"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "9.0.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.12.6"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.10.0"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.8"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.13"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.10"
},
{
"model": "asp.net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.12"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011105"
},
{
"db": "NVD",
"id": "CVE-2025-24070"
}
]
},
"cve": "CVE-2025-24070",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"id": "CVE-2025-24070",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.0,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2025-011105",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "secure@microsoft.com",
"id": "CVE-2025-24070",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-011105",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011105"
},
{
"db": "NVD",
"id": "CVE-2025-24070"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Weak authentication in ASP.NET Core \u0026amp; Visual Studio allows an unauthorized attacker to elevate privileges over a network",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-24070"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-011105"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-24070",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2025-011105",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011105"
},
{
"db": "NVD",
"id": "CVE-2025-24070"
}
]
},
"id": "VAR-202503-2006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2025-08-10T23:32:55.791000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Windows vulnerabilities ( 2025 Year 3 Release date:",
"trust": 0.8,
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24070"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011105"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1390",
"trust": 1.0
},
{
"problemtype": "Weak authentication (CWE-1390) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011105"
},
{
"db": "NVD",
"id": "CVE-2025-24070"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-24070"
},
{
"trust": 1.0,
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-24070"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-24070"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/security-alert/2024/0312-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2025/at250005.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011105"
},
{
"db": "NVD",
"id": "CVE-2025-24070"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011105"
},
{
"db": "NVD",
"id": "CVE-2025-24070"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-011105"
},
{
"date": "2025-03-11T17:16:29.680000",
"db": "NVD",
"id": "CVE-2025-24070"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-08T09:13:00",
"db": "JVNDB",
"id": "JVNDB-2025-011105"
},
{
"date": "2025-07-02T14:25:46.603000",
"db": "NVD",
"id": "CVE-2025-24070"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft\u0027s \u00a0ASP.NET\u00a0Core\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Elevated Privileges in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-011105"
}
],
"trust": 0.8
}
}
VAR-202504-3989
Vulnerability from variot - Updated: 2025-07-18 23:22Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. Microsoft's ASP.NET Core and Microsoft Visual Studio includes denial of service (DoS) Vulnerability exists.Denial of service by unauthenticated attackers (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202504-3989",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.13.6"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "9.0.4"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.12.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.13.0"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.0.15"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.10.13"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.0.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.8.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.8.20"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.12.7"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.10.0"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "9.0.0"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.8"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.12"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.13"
},
{
"model": "asp.net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.10"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-009054"
},
{
"db": "NVD",
"id": "CVE-2025-26682"
}
]
},
"cve": "CVE-2025-26682",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2025-26682",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2025-009054",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "secure@microsoft.com",
"id": "CVE-2025-26682",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2025-009054",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-009054"
},
{
"db": "NVD",
"id": "CVE-2025-26682"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. Microsoft\u0027s ASP.NET Core and Microsoft Visual Studio includes denial of service (DoS) Vulnerability exists.Denial of service by unauthenticated attackers (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-26682"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009054"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-26682",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2025-009054",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-009054"
},
{
"db": "NVD",
"id": "CVE-2025-26682"
}
]
},
"id": "VAR-202504-3989",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2025-07-18T23:22:14.661000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Windows vulnerabilities ( 2025 Year 4 Release date:",
"trust": 0.8,
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26682"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-009054"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.0
},
{
"problemtype": "Allocation of resources without limits or throttling (CWE-770) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-009054"
},
{
"db": "NVD",
"id": "CVE-2025-26682"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2025-26682"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-26682"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/security-alert/2025/0409-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2025/at250009.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-009054"
},
{
"db": "NVD",
"id": "CVE-2025-26682"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2025-009054"
},
{
"db": "NVD",
"id": "CVE-2025-26682"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-009054"
},
{
"date": "2025-04-08T18:15:53.033000",
"db": "NVD",
"id": "CVE-2025-26682"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-07-16T08:31:00",
"db": "JVNDB",
"id": "JVNDB-2025-009054"
},
{
"date": "2025-07-09T16:32:39.730000",
"db": "NVD",
"id": "CVE-2025-26682"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft\u0027s \u00a0ASP.NET\u00a0Core\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Service operation interruption in \u00a0(DoS)\u00a0 Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-009054"
}
],
"trust": 0.8
}
}
VAR-201705-3358
Vulnerability from variot - Updated: 2025-04-20 23:32A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3358",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.1"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.1"
},
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "core"
},
{
"model": "asp.net core",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Fernandez of Sidertia Solutions",
"sources": [
{
"db": "BID",
"id": "98116"
}
],
"trust": 0.3
},
"cve": "CVE-2017-0247",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-0247",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07322",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-0247",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-0247",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-0247",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-07322",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-737",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-0247",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-0247",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-07322",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737",
"trust": 0.6
},
{
"db": "BID",
"id": "98116",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2017-0247",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
}
]
},
"id": "VAR-201705-3358",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
}
]
},
"last_update_date": "2025-04-20T23:32:58.111000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239",
"trust": 0.8,
"url": "https://github.com/aspnet/Announcements/issues/239"
},
{
"title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/94177"
},
{
"title": "Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70331"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/dotnet/source-build-reference-packages "
},
{
"title": "OssIndexClient",
"trust": 0.1,
"url": "https://github.com/SimonCropp/OssIndexClient "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"trust": 1.7,
"url": "https://www.sidertia.com/home/community/blog/2017/05/18/aspnet-core-unicode-non-char-encoding-dos"
},
{
"trust": 1.7,
"url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0247"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0247"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "https://technet.microsoft.com/library/security/4021279.aspx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/source-build-reference-packages"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/98116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53814"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"date": "2017-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"date": "2017-05-10T00:00:00",
"db": "BID",
"id": "98116"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-737"
},
{
"date": "2017-05-12T14:29:03.910000",
"db": "NVD",
"id": "CVE-2017-0247"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"date": "2021-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"date": "2017-05-23T16:25:00",
"db": "BID",
"id": "98116"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"date": "2021-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-737"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-0247"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft ASP.NET Core Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
],
"trust": 0.6
}
}
VAR-201705-3360
Vulnerability from variot - Updated: 2025-04-20 23:32An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3360",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.1"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.1"
},
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "core"
},
{
"model": "asp.net core",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "98118"
}
],
"trust": 0.3
},
"cve": "CVE-2017-0249",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-0249",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07323",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-0249",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-0249",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-0249",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-07323",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-736",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-0249",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-0249",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-07323",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736",
"trust": 0.6
},
{
"db": "BID",
"id": "98118",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2017-0249",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
}
]
},
"id": "VAR-201705-3360",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
}
]
},
"last_update_date": "2025-04-20T23:32:12.987000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239",
"trust": 0.8,
"url": "https://github.com/aspnet/Announcements/issues/239"
},
{
"title": "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/94179"
},
{
"title": "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70329"
},
{
"title": "OssIndexClient",
"trust": 0.1,
"url": "https://github.com/SimonCropp/OssIndexClient "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/shiftingleft/dotnet-scm-test "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/jnewman-sonatype/DotNetTest "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0249"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0249"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "https://technet.microsoft.com/library/security/4021279.aspx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/98118"
},
{
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53814"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"date": "2017-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"date": "2017-05-10T00:00:00",
"db": "BID",
"id": "98118"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-736"
},
{
"date": "2017-05-12T14:29:04.003000",
"db": "NVD",
"id": "CVE-2017-0249"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"date": "2021-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"date": "2017-05-23T16:25:00",
"db": "BID",
"id": "98118"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"date": "2021-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-736"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-0249"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft ASP.NET Core Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
],
"trust": 0.6
}
}
VAR-201711-0194
Vulnerability from variot - Updated: 2025-04-20 23:22.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". ASP.NET Core 1.0, 1.1 and 2.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: .NET Core security update Advisory ID: RHSA-2017:3248-01 Product: dotNET on RHEL Advisory URL: https://access.redhat.com/errata/RHSA-2017:3248 Issue date: 2017-11-20 CVE Names: CVE-2017-8585 CVE-2017-11770 =====================================================================
- Summary:
A security update for .NET Core on RHEL is now available.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7) - x86_64 dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3. (CVE-2017-11770)
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1512982 - CVE-2017-8585 dotNet: DDoS via invalid culture 1512992 - CVE-2017-11770 dotNET: DDos via bad certificate
- Package List:
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-8585 https://access.redhat.com/security/cve/CVE-2017-11770 https://access.redhat.com/security/updates/classification/#low
https://github.com/dotnet/announcements/issues/34 https://github.com/dotnet/announcements/issues/44
https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFaEsB8XlSAg2UNWIIRAmOjAJ9wjYtfCUbtPpsnb6lS24iFpnlohwCfW3q7 qK6A1l+OTjiiqdhM/cGc8ZU= =DZ68 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0194",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.0"
}
],
"sources": [
{
"db": "BID",
"id": "101710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bachraty Gergely",
"sources": [
{
"db": "BID",
"id": "101710"
}
],
"trust": 0.3
},
"cve": "CVE-2017-11770",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-11770",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-11770",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11770",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-11770",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-585",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\". \nASP.NET Core 1.0, 1.1 and 2.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: .NET Core security update\nAdvisory ID: RHSA-2017:3248-01\nProduct: dotNET on RHEL\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:3248\nIssue date: 2017-11-20\nCVE Names: CVE-2017-8585 CVE-2017-11770 \n=====================================================================\n\n1. Summary:\n\nA security update for .NET Core on RHEL is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7) - x86_64\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNew versions of .NET Core that address several security vulnerabilities are\nnow available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3. (CVE-2017-11770)\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1512982 - CVE-2017-8585 dotNet: DDoS via invalid culture\n1512992 - CVE-2017-11770 dotNET: DDos via bad certificate\n\n6. Package List:\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-8585\nhttps://access.redhat.com/security/cve/CVE-2017-11770\nhttps://access.redhat.com/security/updates/classification/#low\n\nhttps://github.com/dotnet/announcements/issues/34\nhttps://github.com/dotnet/announcements/issues/44\n\nhttps://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md\nhttps://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md\nhttps://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaEsB8XlSAg2UNWIIRAmOjAJ9wjYtfCUbtPpsnb6lS24iFpnlohwCfW3q7\nqK6A1l+OTjiiqdhM/cGc8ZU=\n=DZ68\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11770"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "BID",
"id": "101710"
},
{
"db": "PACKETSTORM",
"id": "145048"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11770",
"trust": 2.8
},
{
"db": "BID",
"id": "101710",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1039787",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "145048",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "101710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "PACKETSTORM",
"id": "145048"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"id": "VAR-201711-0194",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2025-04-20T23:22:19.102000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-11770 | .NET CORE Denial Of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770"
},
{
"title": "CVE-2017-11770 | .NET CORE Denial Of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-11770"
},
{
"title": "Microsoft .NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76424"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11770"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:3248"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/101710"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1039787"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11770"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11770"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2017/at170044.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/announcements/issues/44"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/announcements/issues/34"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8585"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-8585"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-11770"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
}
],
"sources": [
{
"db": "BID",
"id": "101710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "PACKETSTORM",
"id": "145048"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "101710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"db": "PACKETSTORM",
"id": "145048"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-14T00:00:00",
"db": "BID",
"id": "101710"
},
{
"date": "2017-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"date": "2017-11-20T22:22:00",
"db": "PACKETSTORM",
"id": "145048"
},
{
"date": "2017-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"date": "2017-11-15T03:29:00.247000",
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-19T22:37:00",
"db": "BID",
"id": "101710"
},
{
"date": "2017-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010105"
},
{
"date": "2019-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-585"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11770"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010105"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-585"
}
],
"trust": 0.6
}
}
VAR-201711-1053
Vulnerability from variot - Updated: 2025-04-20 23:04ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability". An attacker can use this vulnerability to obtain sensitive information about the target system by submitting malicious input to the affected software. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. ASP.NET Core 1.0, and 1.1 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-1053",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 2.2,
"vendor": "microsoft",
"version": "2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37102"
},
{
"db": "BID",
"id": "101712"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010212"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1077"
},
{
"db": "NVD",
"id": "CVE-2017-8700"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010212"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "101712"
}
],
"trust": 0.3
},
"cve": "CVE-2017-8700",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-8700",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37102",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-8700",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8700",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-8700",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-37102",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-1077",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-8700",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37102"
},
{
"db": "VULMON",
"id": "CVE-2017-8700"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010212"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1077"
},
{
"db": "NVD",
"id": "CVE-2017-8700"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka \"ASP.NET Core Information Disclosure Vulnerability\". An attacker can use this vulnerability to obtain sensitive information about the target system by submitting malicious input to the affected software. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. \nASP.NET Core 1.0, and 1.1 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8700"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010212"
},
{
"db": "CNVD",
"id": "CNVD-2017-37102"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1077"
},
{
"db": "BID",
"id": "101712"
},
{
"db": "VULMON",
"id": "CVE-2017-8700"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8700",
"trust": 3.4
},
{
"db": "BID",
"id": "101712",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1039793",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010212",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-37102",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1077",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-8700",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37102"
},
{
"db": "VULMON",
"id": "CVE-2017-8700"
},
{
"db": "BID",
"id": "101712"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010212"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1077"
},
{
"db": "NVD",
"id": "CVE-2017-8700"
}
]
},
"id": "VAR-201711-1053",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37102"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37102"
}
]
},
"last_update_date": "2025-04-20T23:04:02.766000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-8700 | ASP.NET Core Information Disclosure Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700"
},
{
"title": "CVE-2017-8700 | ASP.NET Core Information Disclosure Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-8700"
},
{
"title": "Patch for Microsoft ASP.NET Core Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/108075"
},
{
"title": "Microsoft Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99815"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/11/15/november_patch_tuesday/"
},
{
"title": "Red Hat: CVE-2017-8700",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-8700"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/microsoft-patches-20-critical-vulnerabilities/128891/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/microsoft/microsoft-november-patch-tuesday-fixes-53-security-issues/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37102"
},
{
"db": "VULMON",
"id": "CVE-2017-8700"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010212"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1077"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010212"
},
{
"db": "NVD",
"id": "CVE-2017-8700"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/101712"
},
{
"trust": 2.0,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8700"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039793"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8700"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2017/at170044.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8700"
},
{
"trust": 0.6,
"url": "http://technet.microsoft.com/security/bulletin/november"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/microsoft-patches-20-critical-vulnerabilities/128891/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37102"
},
{
"db": "VULMON",
"id": "CVE-2017-8700"
},
{
"db": "BID",
"id": "101712"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010212"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1077"
},
{
"db": "NVD",
"id": "CVE-2017-8700"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-37102"
},
{
"db": "VULMON",
"id": "CVE-2017-8700"
},
{
"db": "BID",
"id": "101712"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010212"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1077"
},
{
"db": "NVD",
"id": "CVE-2017-8700"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37102"
},
{
"date": "2017-11-15T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8700"
},
{
"date": "2017-11-14T00:00:00",
"db": "BID",
"id": "101712"
},
{
"date": "2017-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010212"
},
{
"date": "2017-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1077"
},
{
"date": "2017-11-15T03:29:02.060000",
"db": "NVD",
"id": "CVE-2017-8700"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37102"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8700"
},
{
"date": "2017-12-19T22:00:00",
"db": "BID",
"id": "101712"
},
{
"date": "2017-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010212"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1077"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-8700"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1077"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core In Cross-Origin Resource Sharing Vulnerability that can be bypassed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010212"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1077"
}
],
"trust": 0.6
}
}
VAR-201711-0165
Vulnerability from variot - Updated: 2025-04-20 23:04.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from programs that do not properly handle web requests. ASP.NET Core 1.0, 1.1 and 2.0 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0165",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.7,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.7,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.7,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "aspnetcore",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "BID",
"id": "101835"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
},
{
"db": "NVD",
"id": "CVE-2017-11883"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "101835"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
],
"trust": 0.9
},
"cve": "CVE-2017-11883",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-11883",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-37113",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-11883",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11883",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-11883",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-37113",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-511",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
},
{
"db": "NVD",
"id": "CVE-2017-11883"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka \".NET CORE Denial Of Service Vulnerability\". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from programs that do not properly handle web requests. \nASP.NET Core 1.0, 1.1 and 2.0 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11883"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
},
{
"db": "BID",
"id": "101835"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11883",
"trust": 3.3
},
{
"db": "BID",
"id": "101835",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1039793",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-37113",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "BID",
"id": "101835"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
},
{
"db": "NVD",
"id": "CVE-2017-11883"
}
]
},
"id": "VAR-201711-0165",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
}
]
},
"last_update_date": "2025-04-20T23:04:02.735000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-11883 | ASP.NET Core Denial Of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883"
},
{
"title": "CVE-2017-11883 | ASP.NET Core Denial Of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-11883"
},
{
"title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2017-37113)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/110493"
},
{
"title": "Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76352"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-19",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "NVD",
"id": "CVE-2017-11883"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/101835"
},
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11883"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1039793"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11883"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11883"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2017/at170044.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "BID",
"id": "101835"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
},
{
"db": "NVD",
"id": "CVE-2017-11883"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"db": "BID",
"id": "101835"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
},
{
"db": "NVD",
"id": "CVE-2017-11883"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"date": "2017-11-14T00:00:00",
"db": "BID",
"id": "101835"
},
{
"date": "2017-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"date": "2017-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-511"
},
{
"date": "2017-11-15T03:29:01.953000",
"db": "NVD",
"id": "CVE-2017-11883"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37113"
},
{
"date": "2017-12-19T22:00:00",
"db": "BID",
"id": "101835"
},
{
"date": "2017-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010123"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-511"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11883"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010123"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-511"
}
],
"trust": 0.6
}
}
VAR-201711-0162
Vulnerability from variot - Updated: 2025-04-20 23:04ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0162",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37114"
},
{
"db": "BID",
"id": "101713"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010210"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-512"
},
{
"db": "NVD",
"id": "CVE-2017-11879"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010210"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kavin Chalet",
"sources": [
{
"db": "BID",
"id": "101713"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-512"
}
],
"trust": 0.9
},
"cve": "CVE-2017-11879",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-11879",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-37114",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-11879",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11879",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-11879",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-37114",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-512",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37114"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010210"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-512"
},
{
"db": "NVD",
"id": "CVE-2017-11879"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. \nAn attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11879"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010210"
},
{
"db": "CNVD",
"id": "CNVD-2017-37114"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-512"
},
{
"db": "BID",
"id": "101713"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11879",
"trust": 3.3
},
{
"db": "BID",
"id": "101713",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1039793",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010210",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-37114",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201711-512",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37114"
},
{
"db": "BID",
"id": "101713"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010210"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-512"
},
{
"db": "NVD",
"id": "CVE-2017-11879"
}
]
},
"id": "VAR-201711-0162",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37114"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37114"
}
]
},
"last_update_date": "2025-04-20T23:04:02.700000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2017-11879 | ASP.NET Core Elevation Of Privilege Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879"
},
{
"title": "CVE-2017-11879 | ASP.NET Core Elevation Of Privilege Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-11879"
},
{
"title": "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability (CNVD-2017-37114)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/110491"
},
{
"title": "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76353"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37114"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010210"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-512"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010210"
},
{
"db": "NVD",
"id": "CVE-2017-11879"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/101713"
},
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11879"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11879"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1039793"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11879"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2017/at170044.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-37114"
},
{
"db": "BID",
"id": "101713"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010210"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-512"
},
{
"db": "NVD",
"id": "CVE-2017-11879"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-37114"
},
{
"db": "BID",
"id": "101713"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010210"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-512"
},
{
"db": "NVD",
"id": "CVE-2017-11879"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37114"
},
{
"date": "2017-11-14T00:00:00",
"db": "BID",
"id": "101713"
},
{
"date": "2017-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010210"
},
{
"date": "2017-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-512"
},
{
"date": "2017-11-15T03:29:01.827000",
"db": "NVD",
"id": "CVE-2017-11879"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-37114"
},
{
"date": "2017-12-19T22:00:00",
"db": "BID",
"id": "101713"
},
{
"date": "2017-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010210"
},
{
"date": "2017-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-512"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11879"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-512"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Login session information stealing vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010210"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-512"
}
],
"trust": 0.6
}
}
VAR-202311-0474
Vulnerability from variot - Updated: 2025-01-01 22:33ASP.NET Core Security Feature Bypass Vulnerability. ========================================================================== Ubuntu Security Notice USN-6480-1 November 15, 2023
dotnet6, dotnet7, dotnet8 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in .NET.
Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime - dotnet8: dotNET CLI tools and runtime
Details:
Barry Dorrans discovered that .NET did not properly implement certain security features for Blazor server forms. An attacker could possibly use this issue to bypass validation, which could trigger unintended actions. (CVE-2023-36558)
Piotr Bazydlo discovered that .NET did not properly handle untrusted URIs provided to System.Net.WebRequest.Create. An attacker could possibly use this issue to inject arbitrary commands to backend FTP servers. (CVE-2023-36049)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: aspnetcore-runtime-6.0 6.0.125-0ubuntu1~23.10.1 aspnetcore-runtime-7.0 7.0.114-0ubuntu1~23.10.1 aspnetcore-runtime-8.0 8.0.0-0ubuntu1~23.10.1 dotnet-host 6.0.125-0ubuntu1~23.10.1 dotnet-host-7.0 7.0.114-0ubuntu1~23.10.1 dotnet-host-8.0 8.0.0-0ubuntu1~23.10.1 dotnet-hostfxr-6.0 6.0.125-0ubuntu1~23.10.1 dotnet-hostfxr-7.0 7.0.114-0ubuntu1~23.10.1 dotnet-hostfxr-8.0 8.0.0-0ubuntu1~23.10.1 dotnet-runtime-6.0 6.0.125-0ubuntu1~23.10.1 dotnet-runtime-7.0 7.0.114-0ubuntu1~23.10.1 dotnet-runtime-8.0 8.0.0-0ubuntu1~23.10.1 dotnet-sdk-6.0 6.0.125-0ubuntu1~23.10.1 dotnet-sdk-7.0 7.0.114-0ubuntu1~23.10.1 dotnet-sdk-8.0 8.0.100-0ubuntu1~23.10.1 dotnet6 6.0.125-0ubuntu1~23.10.1 dotnet7 7.0.114-0ubuntu1~23.10.1 dotnet8 8.0.100-8.0.0-0ubuntu1~23.10.1
Ubuntu 23.04: aspnetcore-runtime-6.0 6.0.125-0ubuntu1~23.04.1 aspnetcore-runtime-7.0 7.0.114-0ubuntu1~23.04.1 dotnet-host 6.0.125-0ubuntu1~23.04.1 dotnet-host-7.0 7.0.114-0ubuntu1~23.04.1 dotnet-hostfxr-6.0 6.0.125-0ubuntu1~23.04.1 dotnet-hostfxr-7.0 7.0.114-0ubuntu1~23.04.1 dotnet-runtime-6.0 6.0.125-0ubuntu1~23.04.1 dotnet-runtime-7.0 7.0.114-0ubuntu1~23.04.1 dotnet-sdk-6.0 6.0.125-0ubuntu1~23.04.1 dotnet-sdk-7.0 7.0.114-0ubuntu1~23.04.1 dotnet6 6.0.125-0ubuntu1~23.04.1 dotnet7 7.0.114-0ubuntu1~23.04.1
Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.125-0ubuntu1~22.04.1 aspnetcore-runtime-7.0 7.0.114-0ubuntu1~22.04.1 dotnet-host 6.0.125-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.114-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.125-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.114-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.125-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.114-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.125-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.114-0ubuntu1~22.04.1 dotnet6 6.0.125-0ubuntu1~22.04.1 dotnet7 7.0.114-0ubuntu1~22.04.1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6480-1 CVE-2023-36049, CVE-2023-36558
Package Information: https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.100-8.0.0-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~22.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~22.04.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202311-0474",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.14"
},
{
"model": ".net",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.0.0"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4.14"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.4"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.0"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2.22"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.25"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.7.7"
},
{
"model": ".net",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.25"
},
{
"model": "visual studio 2022",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6.10"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.7"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.6"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.0"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "7.0.14"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.0.0"
},
{
"model": "visual studio 2022",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.2"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.2"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.7"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.4"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "asp.net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007579"
},
{
"db": "NVD",
"id": "CVE-2023-36558"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "175784"
}
],
"trust": 0.1
},
"cve": "CVE-2023-36558",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "secure@microsoft.com",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2023-36558",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-36558",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-36558",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "secure@microsoft.com",
"id": "CVE-2023-36558",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-36558",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-36558",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007579"
},
{
"db": "NVD",
"id": "CVE-2023-36558"
},
{
"db": "NVD",
"id": "CVE-2023-36558"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Security Feature Bypass Vulnerability. ==========================================================================\nUbuntu Security Notice USN-6480-1\nNovember 15, 2023\n\ndotnet6, dotnet7, dotnet8 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 23.04\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in .NET. \n\nSoftware Description:\n- dotnet6: dotNET CLI tools and runtime\n- dotnet7: dotNET CLI tools and runtime\n- dotnet8: dotNET CLI tools and runtime\n\nDetails:\n\nBarry Dorrans discovered that .NET did not properly implement certain\nsecurity features for Blazor server forms. An attacker could possibly\nuse this issue to bypass validation, which could trigger unintended\nactions. (CVE-2023-36558)\n\nPiotr Bazydlo discovered that .NET did not properly handle untrusted\nURIs provided to System.Net.WebRequest.Create. An attacker could possibly\nuse this issue to inject arbitrary commands to backend FTP servers. \n(CVE-2023-36049)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n aspnetcore-runtime-6.0 6.0.125-0ubuntu1~23.10.1\n aspnetcore-runtime-7.0 7.0.114-0ubuntu1~23.10.1\n aspnetcore-runtime-8.0 8.0.0-0ubuntu1~23.10.1\n dotnet-host 6.0.125-0ubuntu1~23.10.1\n dotnet-host-7.0 7.0.114-0ubuntu1~23.10.1\n dotnet-host-8.0 8.0.0-0ubuntu1~23.10.1\n dotnet-hostfxr-6.0 6.0.125-0ubuntu1~23.10.1\n dotnet-hostfxr-7.0 7.0.114-0ubuntu1~23.10.1\n dotnet-hostfxr-8.0 8.0.0-0ubuntu1~23.10.1\n dotnet-runtime-6.0 6.0.125-0ubuntu1~23.10.1\n dotnet-runtime-7.0 7.0.114-0ubuntu1~23.10.1\n dotnet-runtime-8.0 8.0.0-0ubuntu1~23.10.1\n dotnet-sdk-6.0 6.0.125-0ubuntu1~23.10.1\n dotnet-sdk-7.0 7.0.114-0ubuntu1~23.10.1\n dotnet-sdk-8.0 8.0.100-0ubuntu1~23.10.1\n dotnet6 6.0.125-0ubuntu1~23.10.1\n dotnet7 7.0.114-0ubuntu1~23.10.1\n dotnet8 8.0.100-8.0.0-0ubuntu1~23.10.1\n\nUbuntu 23.04:\n aspnetcore-runtime-6.0 6.0.125-0ubuntu1~23.04.1\n aspnetcore-runtime-7.0 7.0.114-0ubuntu1~23.04.1\n dotnet-host 6.0.125-0ubuntu1~23.04.1\n dotnet-host-7.0 7.0.114-0ubuntu1~23.04.1\n dotnet-hostfxr-6.0 6.0.125-0ubuntu1~23.04.1\n dotnet-hostfxr-7.0 7.0.114-0ubuntu1~23.04.1\n dotnet-runtime-6.0 6.0.125-0ubuntu1~23.04.1\n dotnet-runtime-7.0 7.0.114-0ubuntu1~23.04.1\n dotnet-sdk-6.0 6.0.125-0ubuntu1~23.04.1\n dotnet-sdk-7.0 7.0.114-0ubuntu1~23.04.1\n dotnet6 6.0.125-0ubuntu1~23.04.1\n dotnet7 7.0.114-0ubuntu1~23.04.1\n\nUbuntu 22.04 LTS:\n aspnetcore-runtime-6.0 6.0.125-0ubuntu1~22.04.1\n aspnetcore-runtime-7.0 7.0.114-0ubuntu1~22.04.1\n dotnet-host 6.0.125-0ubuntu1~22.04.1\n dotnet-host-7.0 7.0.114-0ubuntu1~22.04.1\n dotnet-hostfxr-6.0 6.0.125-0ubuntu1~22.04.1\n dotnet-hostfxr-7.0 7.0.114-0ubuntu1~22.04.1\n dotnet-runtime-6.0 6.0.125-0ubuntu1~22.04.1\n dotnet-runtime-7.0 7.0.114-0ubuntu1~22.04.1\n dotnet-sdk-6.0 6.0.125-0ubuntu1~22.04.1\n dotnet-sdk-7.0 7.0.114-0ubuntu1~22.04.1\n dotnet6 6.0.125-0ubuntu1~22.04.1\n dotnet7 7.0.114-0ubuntu1~22.04.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-6480-1\n CVE-2023-36049, CVE-2023-36558\n\nPackage Information:\nhttps://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.10.1\nhttps://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.10.1\nhttps://launchpad.net/ubuntu/+source/dotnet8/8.0.100-8.0.0-0ubuntu1~23.10.1\nhttps://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.04.1\nhttps://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.04.1\nhttps://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~22.04.1\nhttps://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~22.04.1\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-36558"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-007579"
},
{
"db": "PACKETSTORM",
"id": "175784"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-36558",
"trust": 2.7
},
{
"db": "JVN",
"id": "JVNVU93250330",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-165-04",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-007579",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "175784",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007579"
},
{
"db": "PACKETSTORM",
"id": "175784"
},
{
"db": "NVD",
"id": "CVE-2023-36558"
}
]
},
"id": "VAR-202311-0474",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2025-01-01T22:33:06.387000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASP.NET\u00a0Core\u00a0-\u00a0Security\u00a0Feature\u00a0Bypass\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36558"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007579"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007579"
},
{
"db": "NVD",
"id": "CVE-2023-36558"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-36558"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-36558"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93250330/index.html"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/security-alert/2023/1115-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2023/at230028.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-04"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet8/8.0.100-8.0.0-0ubuntu1~23.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-36049"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.10.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6480-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.10.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007579"
},
{
"db": "PACKETSTORM",
"id": "175784"
},
{
"db": "NVD",
"id": "CVE-2023-36558"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007579"
},
{
"db": "PACKETSTORM",
"id": "175784"
},
{
"db": "NVD",
"id": "CVE-2023-36558"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-007579"
},
{
"date": "2023-11-16T14:52:25",
"db": "PACKETSTORM",
"id": "175784"
},
{
"date": "2023-11-14T22:15:29.323000",
"db": "NVD",
"id": "CVE-2023-36558"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-17T08:22:00",
"db": "JVNDB",
"id": "JVNDB-2023-007579"
},
{
"date": "2025-01-01T03:15:20.607000",
"db": "NVD",
"id": "CVE-2023-36558"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft\u0027s multiple \u00a0Microsoft\u00a0 Vulnerabilities that bypass security features in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-007579"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "175784"
}
],
"trust": 0.1
}
}
VAR-202112-1833
Vulnerability from variot - Updated: 2024-11-23 23:11ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability. The framework is used to build cloud-based applications such as web apps, IoT apps, and mobile backends. Visual Studio Code is an open source code editor
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1833",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.7"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.9"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.11"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "visual studio 2022",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "17.0"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 16.11 (includes 16.0 - 16.10)"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 16.9 (includes 16.0 - 16.8)"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2022 17.0"
},
{
"model": "microsoft visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2019 16.7 (includes 16.0 - 16.6)"
},
{
"model": "asp.net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006050"
},
{
"db": "NVD",
"id": "CVE-2021-43877"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rami Abughazaleh",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1181"
}
],
"trust": 0.6
},
"cve": "CVE-2021-43877",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-43877",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-43877",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.0,
"id": "CVE-2021-43877",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-43877",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-43877",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2021-43877",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-43877",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-1181",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006050"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1181"
},
{
"db": "NVD",
"id": "CVE-2021-43877"
},
{
"db": "NVD",
"id": "CVE-2021-43877"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability. The framework is used to build cloud-based applications such as web apps, IoT apps, and mobile backends. Visual Studio Code is an open source code editor",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43877"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006050"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1181"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43877",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006050",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021121451",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1181",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006050"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1181"
},
{
"db": "NVD",
"id": "CVE-2021-43877"
}
]
},
"id": "VAR-202112-1833",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T23:11:03.318000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASP.NET\u00a0Core\u00a0and\u00a0Visual\u00a0Studio\u00a0Elevation\u00a0of\u00a0Privilege\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877"
},
{
"title": "Microsoft Visual Studio Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174413"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006050"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1181"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006050"
},
{
"db": "NVD",
"id": "CVE-2021-43877"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-43877"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43877"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20211215-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2021/at210051.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121451"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-43877"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-43877"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006050"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1181"
},
{
"db": "NVD",
"id": "CVE-2021-43877"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006050"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1181"
},
{
"db": "NVD",
"id": "CVE-2021-43877"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006050"
},
{
"date": "2021-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1181"
},
{
"date": "2021-12-15T15:15:10.950000",
"db": "NVD",
"id": "CVE-2021-43877"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-24T07:35:00",
"db": "JVNDB",
"id": "JVNDB-2021-006050"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1181"
},
{
"date": "2024-11-21T06:29:58.677000",
"db": "NVD",
"id": "CVE-2021-43877"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1181"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET\u00a0Core\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Vulnerability to elevate privileges in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006050"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1181"
}
],
"trust": 0.6
}
}
VAR-202101-1406
Vulnerability from variot - Updated: 2024-11-23 23:07ASP.NET Core and Visual Studio Denial of Service Vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0096-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0096 Issue date: 2021-01-13 CVE Names: CVE-2021-1723 =====================================================================
- Summary:
An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.102 and .NET Runtime 5.0.2.
Security Fix(es):
- dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2 (CVE-2021-1723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1914258 - CVE-2021-1723 dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-1723 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIUAwUBX/8ENtzjgjWX9erEAQjh5A/2IdPxRp4QSVH27LBp52uli+P8iYNYUQzJ oSP0BhxXlPnwty70y6h3XF04F2AgWdqddLa07e/lQo/tZfD4x8a7N5qJzCd3AaHy bhQaw5Rs2Yi/JM3l7nJbwL3kMnQ6+rg/w9IZG0JLPjEnURlcJmIArgIuNmWPBoxP GRVhNlEohEwbQhgwwp0PJkIhX9MxvpVT0OPbcUV6TGox65X+b8kMuUfjRhuKdEge l97WHuXTXa6QZMgaH28lSe8Vo6tkhzH89UEgo4CweybzptzPEgNfD4GOfpOrt9HG iqiRhMnpVrfp+nqet1k+seBfjeTkMfZBmrGR8nsU69rCqG85gWvtuT5j5ba5PWRg hHAg/bG4zIRlvRgIgTD00wVkGL0DC4zE/iI3bXZ7ATdl8pCADi1+uRyBwshbjbvL jFo8RrHE4DCtM1+X0jJhPnED3tMQmNQkmYd/sUzj6dM1OfYUFu6CDnyqOo9wIPkD yYTKp1/2lM8eJDtihM4vRRtfBUicagPAQ7Qu52VjDs9PwtSAReDE0FAnnfqfoRqt FXwdqez+GIpc6JgVp+wgof9zY3mq+MKS3WKZwt+v7KUbsSrg0sQTYpuMI+JFjG9l ZzAeU/ifax0HbO4R3rz2evVsT4yLGcSW7Yb/cTuPypLMFojFpSDzpkODfw3TGArj allfL6TeAQ== =fmd6 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1406",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "asp.net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0.1"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.8"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "asp.net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.10"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1723"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "160935"
},
{
"db": "PACKETSTORM",
"id": "160946"
},
{
"db": "PACKETSTORM",
"id": "160930"
},
{
"db": "PACKETSTORM",
"id": "160934"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-809"
}
],
"trust": 1.0
},
"cve": "CVE-2021-1723",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-1723",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-1723",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-1723",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2021-1723",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-809",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-1723",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1723"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-809"
},
{
"db": "NVD",
"id": "CVE-2021-1723"
},
{
"db": "NVD",
"id": "CVE-2021-1723"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core and Visual Studio Denial of Service Vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID: RHSA-2021:0096-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0096\nIssue date: 2021-01-13\nCVE Names: CVE-2021-1723 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-dotnet50-dotnet is now available for .NET on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 5.0.102 and .NET Runtime\n5.0.2. \n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock\nwhen using HTTP2 (CVE-2021-1723)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914258 - CVE-2021-1723 dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-1723\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIUAwUBX/8ENtzjgjWX9erEAQjh5A/2IdPxRp4QSVH27LBp52uli+P8iYNYUQzJ\noSP0BhxXlPnwty70y6h3XF04F2AgWdqddLa07e/lQo/tZfD4x8a7N5qJzCd3AaHy\nbhQaw5Rs2Yi/JM3l7nJbwL3kMnQ6+rg/w9IZG0JLPjEnURlcJmIArgIuNmWPBoxP\nGRVhNlEohEwbQhgwwp0PJkIhX9MxvpVT0OPbcUV6TGox65X+b8kMuUfjRhuKdEge\nl97WHuXTXa6QZMgaH28lSe8Vo6tkhzH89UEgo4CweybzptzPEgNfD4GOfpOrt9HG\niqiRhMnpVrfp+nqet1k+seBfjeTkMfZBmrGR8nsU69rCqG85gWvtuT5j5ba5PWRg\nhHAg/bG4zIRlvRgIgTD00wVkGL0DC4zE/iI3bXZ7ATdl8pCADi1+uRyBwshbjbvL\njFo8RrHE4DCtM1+X0jJhPnED3tMQmNQkmYd/sUzj6dM1OfYUFu6CDnyqOo9wIPkD\nyYTKp1/2lM8eJDtihM4vRRtfBUicagPAQ7Qu52VjDs9PwtSAReDE0FAnnfqfoRqt\nFXwdqez+GIpc6JgVp+wgof9zY3mq+MKS3WKZwt+v7KUbsSrg0sQTYpuMI+JFjG9l\nZzAeU/ifax0HbO4R3rz2evVsT4yLGcSW7Yb/cTuPypLMFojFpSDzpkODfw3TGArj\nallfL6TeAQ==\n=fmd6\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1723"
},
{
"db": "VULMON",
"id": "CVE-2021-1723"
},
{
"db": "PACKETSTORM",
"id": "160935"
},
{
"db": "PACKETSTORM",
"id": "160946"
},
{
"db": "PACKETSTORM",
"id": "160930"
},
{
"db": "PACKETSTORM",
"id": "160934"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1723",
"trust": 2.1
},
{
"db": "PACKETSTORM",
"id": "160930",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0129",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-809",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-1723",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160935",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160946",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1723"
},
{
"db": "PACKETSTORM",
"id": "160935"
},
{
"db": "PACKETSTORM",
"id": "160946"
},
{
"db": "PACKETSTORM",
"id": "160930"
},
{
"db": "PACKETSTORM",
"id": "160934"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-809"
},
{
"db": "NVD",
"id": "CVE-2021-1723"
}
]
},
"id": "VAR-202101-1406",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T23:07:40.639000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Microsoft ASP.NET Core and Visual Studio Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139337"
},
{
"title": "Red Hat: Important: dotnet5.0 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210094 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210114 - Security Advisory"
},
{
"title": "Red Hat: Important: dotnet3.1 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210095 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210096 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-202103-17] dotnet-sdk: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-17"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-1723 log"
},
{
"title": "Arch Linux Advisories: [ASA-202103-16] dotnet-runtime: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-16"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1723"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-809"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1723"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-1723"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2021-1723"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1723"
},
{
"trust": 1.0,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-1723"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rrxherxw4kr5wcp76udw5pc7gx3yqluw/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3l27cgrvewupelnjogtcw6gledbecb4b/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-january-2021-34297"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-17007/cve-2021-1723"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160930/red-hat-security-advisory-2021-0096-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/asp-net-core-denial-of-service-via-callbacks-34307"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0129/"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2021:0094"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0096"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1723"
},
{
"db": "PACKETSTORM",
"id": "160935"
},
{
"db": "PACKETSTORM",
"id": "160946"
},
{
"db": "PACKETSTORM",
"id": "160930"
},
{
"db": "PACKETSTORM",
"id": "160934"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-809"
},
{
"db": "NVD",
"id": "CVE-2021-1723"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-1723"
},
{
"db": "PACKETSTORM",
"id": "160935"
},
{
"db": "PACKETSTORM",
"id": "160946"
},
{
"db": "PACKETSTORM",
"id": "160930"
},
{
"db": "PACKETSTORM",
"id": "160934"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-809"
},
{
"db": "NVD",
"id": "CVE-2021-1723"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1723"
},
{
"date": "2021-01-13T15:19:08",
"db": "PACKETSTORM",
"id": "160935"
},
{
"date": "2021-01-13T23:19:30",
"db": "PACKETSTORM",
"id": "160946"
},
{
"date": "2021-01-13T15:11:46",
"db": "PACKETSTORM",
"id": "160930"
},
{
"date": "2021-01-13T15:18:53",
"db": "PACKETSTORM",
"id": "160934"
},
{
"date": "2021-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-809"
},
{
"date": "2021-01-12T20:15:34.993000",
"db": "NVD",
"id": "CVE-2021-1723"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-04T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1723"
},
{
"date": "2021-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-809"
},
{
"date": "2024-11-21T05:44:58.590000",
"db": "NVD",
"id": "CVE-2021-1723"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft ASP.NET Core and Visual Studio Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-809"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-809"
}
],
"trust": 0.6
}
}
VAR-201811-0478
Vulnerability from variot - Updated: 2024-11-23 22:58A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:3676-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3676 Issue date: 2018-11-27 CVE Names: CVE-2018-8416 ==================================================================== 1. Summary:
An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
- .NET Core: Arbitrary file and directory creation (CVE-2018-8416)
For more information, please refer to the upstream docs in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm
x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm
x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm
x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-8416 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW/zJC9zjgjWX9erEAQi0Pw//WnLvaExr0r/rVkOTSxMDwGEqCu4K7nU6 8FnknCX3hpTmIqwIb5VIGOUwRneeg3DnGxg8vIBm8dwrAGqkgpfpGJLt1H7MNAMK p3idNKfoZgG3gVfiO55aaKkftoimA4rUx915ssPzLtBADWdqPfSG0jHkWJgynpDA gAU2FZOhmIJ2Z2+COCi7i1hf2CKDeRRu7mvFDkyKYb4yoVsGXPsm4dB1piw/2VCh ezp4sWeGq0r1dReejy+O2IU8bx/8LsaPqz2ZaARXjFHCEEg4y2CFxLzv2nsokQfy gmpcNtY7F2+ysHP9YL9xV7/pQF3FR1cHDP8lZ6usNIrgrPO/e7WAszsTEg6u3+9l t4gRjeE1SJHa7JkC6seEpZXsxCdR0/9GeOBm+b2RF9qgSEgQgtD/N/AKNQWt4Qo3 rRQN79cy4sRznmwzP0MBE57RAu7GzmmueLeJK7uAuQikfqxGPn5Q2yOah74I2WR9 lzbwqVLuUBHZZhHautHQA3i4bqz8CEfQRHTGmiagkHYWn2m2yNJsWnDMt5YpLzn2 GpTg+9TU0GmwqSquG/5r/rD9YLJwM2m8KV9Yt0PArzw1ey+z542i0Dwv4GlHpIR4 W9D33bMeOY1o4IhLmT+Qlm5ZbGEWleQ4U59YUaCvnZDzsfg0AcJSSpg42ws2+FkC uuianWdqhaI=i2VD -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0478",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.1"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.2"
}
],
"sources": [
{
"db": "BID",
"id": "105798"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Danny Grander of Snyk.",
"sources": [
{
"db": "BID",
"id": "105798"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
}
],
"trust": 0.9
},
"cve": "CVE-2018-8416",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-8416",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-8416",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8416",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-8416",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-363",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka \".NET Core Tampering Vulnerability.\" This affects .NET Core 2.1. \nSuccessfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2018:3676-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3676\nIssue date: 2018-11-27\nCVE Names: CVE-2018-8416\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* .NET Core: Arbitrary file and directory creation (CVE-2018-8416)\n\nFor more information, please refer to the upstream docs in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-dotnet-2.1.500-5.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-dotnet-2.1.500-5.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-dotnet-2.1.500-5.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-8416\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW/zJC9zjgjWX9erEAQi0Pw//WnLvaExr0r/rVkOTSxMDwGEqCu4K7nU6\n8FnknCX3hpTmIqwIb5VIGOUwRneeg3DnGxg8vIBm8dwrAGqkgpfpGJLt1H7MNAMK\np3idNKfoZgG3gVfiO55aaKkftoimA4rUx915ssPzLtBADWdqPfSG0jHkWJgynpDA\ngAU2FZOhmIJ2Z2+COCi7i1hf2CKDeRRu7mvFDkyKYb4yoVsGXPsm4dB1piw/2VCh\nezp4sWeGq0r1dReejy+O2IU8bx/8LsaPqz2ZaARXjFHCEEg4y2CFxLzv2nsokQfy\ngmpcNtY7F2+ysHP9YL9xV7/pQF3FR1cHDP8lZ6usNIrgrPO/e7WAszsTEg6u3+9l\nt4gRjeE1SJHa7JkC6seEpZXsxCdR0/9GeOBm+b2RF9qgSEgQgtD/N/AKNQWt4Qo3\nrRQN79cy4sRznmwzP0MBE57RAu7GzmmueLeJK7uAuQikfqxGPn5Q2yOah74I2WR9\nlzbwqVLuUBHZZhHautHQA3i4bqz8CEfQRHTGmiagkHYWn2m2yNJsWnDMt5YpLzn2\nGpTg+9TU0GmwqSquG/5r/rD9YLJwM2m8KV9Yt0PArzw1ey+z542i0Dwv4GlHpIR4\nW9D33bMeOY1o4IhLmT+Qlm5ZbGEWleQ4U59YUaCvnZDzsfg0AcJSSpg42ws2+FkC\nuuianWdqhaI=i2VD\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8416"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "BID",
"id": "105798"
},
{
"db": "PACKETSTORM",
"id": "150479"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8416",
"trust": 2.8
},
{
"db": "BID",
"id": "105798",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1042128",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013498",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "150479",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "105798"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "PACKETSTORM",
"id": "150479"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"id": "VAR-201811-0478",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T22:58:49.543000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-8416 | .NET Core Tampering Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8416"
},
{
"title": "CVE-2018-8416 | .NET Core \u306e\u6539\u3056\u3093\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8416"
},
{
"title": "Microsoft .NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86772"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:3676"
},
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8416"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1042128"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105798"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8416"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8416"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20181114-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180046.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8416"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
}
],
"sources": [
{
"db": "BID",
"id": "105798"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "PACKETSTORM",
"id": "150479"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "105798"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"db": "PACKETSTORM",
"id": "150479"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-13T00:00:00",
"db": "BID",
"id": "105798"
},
{
"date": "2019-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"date": "2018-11-27T17:23:43",
"db": "PACKETSTORM",
"id": "150479"
},
{
"date": "2018-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"date": "2018-11-14T01:29:00.427000",
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-13T00:00:00",
"db": "BID",
"id": "105798"
},
{
"date": "2019-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013498"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-363"
},
{
"date": "2024-11-21T04:13:47",
"db": "NVD",
"id": "CVE-2018-8416"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core Vulnerabilities to be tampered with",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013498"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "105798"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-363"
}
],
"trust": 0.9
}
}
VAR-201904-0790
Vulnerability from variot - Updated: 2024-11-23 22:58A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0790",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "2.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13859"
},
{
"db": "BID",
"id": "107701"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002689"
},
{
"db": "NVD",
"id": "CVE-2019-0815"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002689"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Giorgi Dalakishvili of the Bank of Georgia",
"sources": [
{
"db": "BID",
"id": "107701"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-364"
}
],
"trust": 0.9
},
"cve": "CVE-2019-0815",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-0815",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-13859",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-0815",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-0815",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-0815",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-13859",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-364",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-0815",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13859"
},
{
"db": "VULMON",
"id": "CVE-2019-0815"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002689"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-364"
},
{
"db": "NVD",
"id": "CVE-2019-0815"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0815"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002689"
},
{
"db": "CNVD",
"id": "CNVD-2019-13859"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-364"
},
{
"db": "BID",
"id": "107701"
},
{
"db": "VULMON",
"id": "CVE-2019-0815"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0815",
"trust": 3.4
},
{
"db": "BID",
"id": "107701",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002689",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-13859",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43570",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201904-364",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-0815",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13859"
},
{
"db": "VULMON",
"id": "CVE-2019-0815"
},
{
"db": "BID",
"id": "107701"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002689"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-364"
},
{
"db": "NVD",
"id": "CVE-2019-0815"
}
]
},
"id": "VAR-201904-0790",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13859"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13859"
}
]
},
"last_update_date": "2024-11-23T22:58:44.818000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2019-0815 | ASP.NET Core Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0815"
},
{
"title": "CVE-2019-0815 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2019-0815"
},
{
"title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2019-13859)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/160999"
},
{
"title": "Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91193"
},
{
"title": "Symantec Threat Intelligence Blog",
"trust": 0.1,
"url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-april-2019"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13859"
},
{
"db": "VULMON",
"id": "CVE-2019-0815"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002689"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-364"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-19",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002689"
},
{
"db": "NVD",
"id": "CVE-2019-0815"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/107701"
},
{
"trust": 2.0,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0815"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0815"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0815"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190410-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2019/at190015.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43570"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/19.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/107701"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13859"
},
{
"db": "VULMON",
"id": "CVE-2019-0815"
},
{
"db": "BID",
"id": "107701"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002689"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-364"
},
{
"db": "NVD",
"id": "CVE-2019-0815"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-13859"
},
{
"db": "VULMON",
"id": "CVE-2019-0815"
},
{
"db": "BID",
"id": "107701"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002689"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-364"
},
{
"db": "NVD",
"id": "CVE-2019-0815"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13859"
},
{
"date": "2019-04-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0815"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107701"
},
{
"date": "2019-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002689"
},
{
"date": "2019-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-364"
},
{
"date": "2019-04-09T21:29:01.270000",
"db": "NVD",
"id": "CVE-2019-0815"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13859"
},
{
"date": "2019-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0815"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107701"
},
{
"date": "2019-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002689"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-364"
},
{
"date": "2024-11-21T04:17:19.770000",
"db": "NVD",
"id": "CVE-2019-0815"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-364"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-364"
}
],
"trust": 0.6
}
}
VAR-202009-0169
Vulnerability from variot - Updated: 2024-11-23 22:44A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.
The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.
The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.
. Both Microsoft .NET Core and Microsoft ASP.NET Core are products of Microsoft Corporation of the United States. .NET Core is a free open source development platform. The platform has features such as multi-language support and cross-platform. Microsoft ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to set a second cookie. The following products and versions are affected: ASP.NET Core 2.1 version, ASP.NET Core 3.1 version. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET Core 3.1 security and bugfix update for Red Hat Enterprise Linux Advisory ID: RHSA-2020:3697-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3697 Issue date: 2020-09-08 CVE Names: CVE-2020-1045 ==================================================================== 1. Summary:
An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.108-1.el7.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.108-1.el7.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.108-1.el7.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-1045 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX1fMj9zjgjWX9erEAQh6wA/+NBE91/LaDoq9eYFxfrqVguYZ1Pmb0oBs B4B0pXCUloGDDFTLmFPyIXPwXt1oklGPJ7/UuA4A6Bn2pNNLCGCbP/sDRHOoqcoe NMWrC5z3f8eHU0A+OLZjCfUBHrkZl3FCgDqGW4h5un0TCfCA/x5RRq/3gp/QKYmq cIckR5jkQtw9HrAsUdhjNfnapqGOpryMj0BEy43p1sr3dWeR4vndaddjz7ghbddZ yt2igJzvQJzaY4f788dGqC07HzPL0ehEhqyvyyJtRK7Mg97q+rai5xyQuVS76y94 aogTKj8YI4r0FI0yhz5v+4Skr7osCSoodIucTEpYuB3i1A+ZLg+3hlSSogsryOUA jy46wqFivHPMggNXXKrE0usJNPZf3+7dpuSarNtm57SFKKCx18dAhWUkK0WjTYox aa9NEAT5+z7NSI8snTwVP7bVbTRGIZPZbWEzMcL4VGjo05iGm32UCj1tHJYUWEhS sZD7gSqAk/ieuRAYXAd9DStKFPmjf5lKe823L1Fjw6fIGHGXfjeAyhuvIArL1UJc K9IKEBrG9FoxXd/01jOrjvobbEeMbLnFo3mRSMd6n1/nBGNbp9cTbELzQzX13Vf8 /LNeD82fuk2reO7w430Zx0AJZH3kyjLB5zbtLtVwC8f2oOVYbGgJY4gcWTOgp5ej gKRtEISquJk=Nco9 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "enterprise linux aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "enterprise linux tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.8"
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "enterprise linux aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "asp.net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1.21"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "2.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": "3.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "3.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-72702"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009287"
},
{
"db": "NVD",
"id": "CVE-2020-1045"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matt Langlois of Github Security Team",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-369"
}
],
"trust": 0.6
},
"cve": "CVE-2020-1045",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-1045",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-72702",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-1045",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-1045",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-1045",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2020-1045",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-1045",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-72702",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-369",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-1045",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-72702"
},
{
"db": "VULMON",
"id": "CVE-2020-1045"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009287"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-369"
},
{
"db": "NVD",
"id": "CVE-2020-1045"
},
{
"db": "NVD",
"id": "CVE-2020-1045"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\u003cp\u003eA security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.\u003c/p\u003e\n\u003cp\u003eThe ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.\u003c/p\u003e\n. Both Microsoft .NET Core and Microsoft ASP.NET Core are products of Microsoft Corporation of the United States. .NET Core is a free open source development platform. The platform has features such as multi-language support and cross-platform. Microsoft ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to set a second cookie. The following products and versions are affected: ASP.NET Core 2.1 version, ASP.NET Core 3.1 version. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET Core 3.1 security and bugfix update for Red Hat Enterprise Linux\nAdvisory ID: RHSA-2020:3697-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3697\nIssue date: 2020-09-08\nCVE Names: CVE-2020-1045\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.108-1.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.108-1.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.108-1.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1045\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX1fMj9zjgjWX9erEAQh6wA/+NBE91/LaDoq9eYFxfrqVguYZ1Pmb0oBs\nB4B0pXCUloGDDFTLmFPyIXPwXt1oklGPJ7/UuA4A6Bn2pNNLCGCbP/sDRHOoqcoe\nNMWrC5z3f8eHU0A+OLZjCfUBHrkZl3FCgDqGW4h5un0TCfCA/x5RRq/3gp/QKYmq\ncIckR5jkQtw9HrAsUdhjNfnapqGOpryMj0BEy43p1sr3dWeR4vndaddjz7ghbddZ\nyt2igJzvQJzaY4f788dGqC07HzPL0ehEhqyvyyJtRK7Mg97q+rai5xyQuVS76y94\naogTKj8YI4r0FI0yhz5v+4Skr7osCSoodIucTEpYuB3i1A+ZLg+3hlSSogsryOUA\njy46wqFivHPMggNXXKrE0usJNPZf3+7dpuSarNtm57SFKKCx18dAhWUkK0WjTYox\naa9NEAT5+z7NSI8snTwVP7bVbTRGIZPZbWEzMcL4VGjo05iGm32UCj1tHJYUWEhS\nsZD7gSqAk/ieuRAYXAd9DStKFPmjf5lKe823L1Fjw6fIGHGXfjeAyhuvIArL1UJc\nK9IKEBrG9FoxXd/01jOrjvobbEeMbLnFo3mRSMd6n1/nBGNbp9cTbELzQzX13Vf8\n/LNeD82fuk2reO7w430Zx0AJZH3kyjLB5zbtLtVwC8f2oOVYbGgJY4gcWTOgp5ej\ngKRtEISquJk=Nco9\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1045"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009287"
},
{
"db": "CNVD",
"id": "CNVD-2020-72702"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-369"
},
{
"db": "VULMON",
"id": "CVE-2020-1045"
},
{
"db": "PACKETSTORM",
"id": "159112"
},
{
"db": "PACKETSTORM",
"id": "159113"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-1045",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009287",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159113",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-72702",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "49612",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3075",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-369",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-1045",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159112",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-72702"
},
{
"db": "VULMON",
"id": "CVE-2020-1045"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009287"
},
{
"db": "PACKETSTORM",
"id": "159112"
},
{
"db": "PACKETSTORM",
"id": "159113"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-369"
},
{
"db": "NVD",
"id": "CVE-2020-1045"
}
]
},
"id": "VAR-202009-0169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-72702"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-72702"
}
]
},
"last_update_date": "2024-11-23T22:44:27.074000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2020-1045\u00a0|\u00a0Microsoft\u00a0ASP.NET\u00a0Core\u00a0Security\u00a0Feature\u00a0Bypass\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045"
},
{
"title": "Microsoft .NET Core and ASP.NET Core security feature bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/242194"
},
{
"title": "Microsoft .NET Core and Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=127790"
},
{
"title": "Red Hat: Important: .NET Core 3.1 security and bugfix update for Red Hat Enterprise Linux",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203697 - Security Advisory"
},
{
"title": "Red Hat: Important: .NET Core 3.1 security and bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203699 - Security Advisory"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-72702"
},
{
"db": "VULMON",
"id": "CVE-2020-1045"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009287"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-369"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009287"
},
{
"db": "NVD",
"id": "CVE-2020-1045"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1045"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:3699"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1045"
},
{
"trust": 1.6,
"url": "https://security.snyk.io/vuln/snyk-rhel8-dotnet-1439600"
},
{
"trust": 1.6,
"url": "https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318"
},
{
"trust": 1.2,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2020-1045"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ln2fuvbsvpgk7au3nmlo3yr6cgonqpb/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/asicxqxs4m7mtaf6sgqmclca63dlcut3/"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20200909-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2020/at200036.html"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ln2fuvbsvpgk7au3nmlo3yr6cgonqpb/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/asicxqxs4m7mtaf6sgqmclca63dlcut3/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/49612"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-asp-net-core-privilege-escalation-33271"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159113/red-hat-security-advisory-2020-3699-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3075/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:3697"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1045"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187294"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-72702"
},
{
"db": "VULMON",
"id": "CVE-2020-1045"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009287"
},
{
"db": "PACKETSTORM",
"id": "159112"
},
{
"db": "PACKETSTORM",
"id": "159113"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-369"
},
{
"db": "NVD",
"id": "CVE-2020-1045"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-72702"
},
{
"db": "VULMON",
"id": "CVE-2020-1045"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009287"
},
{
"db": "PACKETSTORM",
"id": "159112"
},
{
"db": "PACKETSTORM",
"id": "159113"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-369"
},
{
"db": "NVD",
"id": "CVE-2020-1045"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-72702"
},
{
"date": "2020-09-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1045"
},
{
"date": "2020-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009287"
},
{
"date": "2020-09-08T21:26:00",
"db": "PACKETSTORM",
"id": "159112"
},
{
"date": "2020-09-08T21:26:09",
"db": "PACKETSTORM",
"id": "159113"
},
{
"date": "2020-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-369"
},
{
"date": "2020-09-11T17:15:18.307000",
"db": "NVD",
"id": "CVE-2020-1045"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-72702"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1045"
},
{
"date": "2020-10-27T07:09:00",
"db": "JVNDB",
"id": "JVNDB-2020-009287"
},
{
"date": "2022-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-369"
},
{
"date": "2024-11-21T05:09:37.813000",
"db": "NVD",
"id": "CVE-2020-1045"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-369"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft\u00a0ASP.NET\u00a0Core\u00a0 Vulnerabilities that bypass security functions in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009287"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-369"
}
],
"trust": 0.6
}
}
VAR-201803-1708
Vulnerability from variot - Updated: 2024-11-23 22:41.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability". Microsoft .NET is prone to a denial-of-service vulnerability. Successful exploits will attackers to cause performance to degrade resulting in a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:0522-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0522 Issue date: 2018-03-14 CVE Names: CVE-2018-0875 =====================================================================
- Summary:
Updates for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and includes a CLR implementation.
These correspond to the March 2018 security release by .NET Core upstream projects.
Security Fix(es):
- .NET Core: Hash Collision Denial of Service (CVE-2018-0875)
Red Hat would like to thank Ben Adams (Illyriad Games) for reporting this issue.
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-0875 https://access.redhat.com/security/updates/classification/#low
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFaqUTsXlSAg2UNWIIRAuzUAKCDhqW/mE1ZwG1Bv9JVc2oVTo7cngCfUnVc slFh/sAwzwax82xICfw1G1M= =37s1 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1708",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.4,
"vendor": "microsoft",
"version": "6.0.0"
},
{
"model": "powershell core",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "103225"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ben Adams of Illyriad Games",
"sources": [
{
"db": "BID",
"id": "103225"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-0875",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0875",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0875",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-0875",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-522",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka \".NET Core Denial of Service Vulnerability\". Microsoft .NET is prone to a denial-of-service vulnerability. \nSuccessful exploits will attackers to cause performance to degrade resulting in a denial of service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2018:0522-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:0522\nIssue date: 2018-03-14\nCVE Names: CVE-2018-0875 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and\nrh-dotnetcore11-dotnetcore are now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and includes a CLR implementation. \n\nThese correspond to the March 2018 security release by .NET Core upstream\nprojects. \n\nSecurity Fix(es):\n\n* .NET Core: Hash Collision Denial of Service (CVE-2018-0875)\n\nRed Hat would like to thank Ben Adams (Illyriad Games) for reporting this\nissue. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0875\nhttps://access.redhat.com/security/updates/classification/#low\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaqUTsXlSAg2UNWIIRAuzUAKCDhqW/mE1ZwG1Bv9JVc2oVTo7cngCfUnVc\nslFh/sAwzwax82xICfw1G1M=\n=37s1\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0875"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "BID",
"id": "103225"
},
{
"db": "PACKETSTORM",
"id": "146768"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0875",
"trust": 2.8
},
{
"db": "BID",
"id": "103225",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1040505",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002560",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "146768",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "103225"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "PACKETSTORM",
"id": "146768"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"id": "VAR-201803-1708",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T22:41:53.763000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-0875 | .NET Core Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0875"
},
{
"title": "CVE-2018-0875 | .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0875"
},
{
"title": "Microsoft .NET Core and PowerShell Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79171"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0875"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2018:0522"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1040505"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/103225"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0875"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0875"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180314-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180011.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/net/"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-0875"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
}
],
"sources": [
{
"db": "BID",
"id": "103225"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "PACKETSTORM",
"id": "146768"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "103225"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"db": "PACKETSTORM",
"id": "146768"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103225"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"date": "2018-03-15T15:52:13",
"db": "PACKETSTORM",
"id": "146768"
},
{
"date": "2018-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"date": "2018-03-14T17:29:00.980000",
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103225"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002560"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-522"
},
{
"date": "2024-11-21T03:39:08.307000",
"db": "NVD",
"id": "CVE-2018-0875"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET Core and PowerShell Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002560"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-522"
}
],
"trust": 0.6
}
}
VAR-202001-0122
Vulnerability from variot - Updated: 2024-11-23 22:33A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. "Denial of service (DoS) May be in a state. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from the software's incorrect handling of web requests. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2020:0134-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0134 Issue date: 2020-01-16 CVE Names: CVE-2020-0602 CVE-2020-0603 ==================================================================== 1. Summary:
An update for rh-dotnet30-dotnet and rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The updated versions are .NET Core SDK 3.0.102, .NET Core Runtime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1.
Security Fixes:
-
dotnet: Memory Corruption in SignalR (CVE-2020-0603)
-
dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602)
Users must rebuild their applications to pick up the fixes.
Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1787151 - Update .NET Core 3.0 to Runtime 3.0.2 and SDK 3.0.102 1787174 - Update .NET Core 3.1 to Runtime 3.1.1 and SDK 3.1.101 1789623 - CVE-2020-0602 dotnet: Denial of service via backpressure issue 1789624 - CVE-2020-0603 dotnet: Memory Corruption in SignalR
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm
x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm
x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm
x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-0602 https://access.redhat.com/security/cve/CVE-2020-0603 https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXiCQQ9zjgjWX9erEAQiA5g//U9AGfQhzgzrIja7zNdstcP61hqUbWM+j F2E4FpcJCJgjV3uDli4HsH6sIuzuKV5pVLhvNdbrAMSDJgOaWNJ+Otvmve0yPvY6 KjhAPMQnBjsJE5eUia6ZEIzhvjcHVwVbHQJrqIwLjvBrwHeo6fVWd/IHentdmM+3 FIh6uqClbh434gyq4Oi2MpTJ6G6z0+/siaA/tq4qubWJCtEWLfEXXhWsUL4ye59B edz+0qB0MYi2ZpgJtk0A8RRxtwcVN6KD+SnV2g25XjqwDNBhAfO3AlB1x0Mzo7HQ 2tcWLTpJPtYm8sZFZLOKAGm1hvTJhFnu4Vc5oL7b6paJYsU2Ud9URbakwiiiwzV+ XXLdMmvL63JVeP+cFWkqgI/UR8sdbaXrKFjJcnxNiUklPrrUIx3rq/E1yzCgqwMI M3RakcXDqCsaojoOAy/AMkPH1J2r8vyz08JTLC6Ik54m4Dz7/wGILwuVKXLuR1bM L6oLLZNrc5oxK4VM7Zb0IHaAeK/cOvxQWhglOPkDV4Got721TputjBeIEj8xiHc1 2s5zmndzaUfXm+PoqnFsfGggRErFLXaqwSpRWT2vn2MOXbrEbpPjmJs55tLXABhw 8DI+gmgFRHhE6A4yqvJMzaJGZCsCtUWWXowQEhiCNaymG9Kgx4BkRLNj2Mc15mOK EuYGFNW4Ux4\xadZz -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0122",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.0,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "8.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "none"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "eus"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16652"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001114"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-471"
},
{
"db": "NVD",
"id": "CVE-2020-0602"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001114"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "155977"
},
{
"db": "PACKETSTORM",
"id": "155981"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-471"
}
],
"trust": 0.8
},
"cve": "CVE-2020-0602",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-0602",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-16652",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-0602",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-0602",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-0602",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-0602",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16652",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-471",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16652"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001114"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-471"
},
{
"db": "NVD",
"id": "CVE-2020-0602"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027. \"Denial of service (DoS) May be in a state. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from the software\u0027s incorrect handling of web requests. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID: RHSA-2020:0134-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:0134\nIssue date: 2020-01-16\nCVE Names: CVE-2020-0602 CVE-2020-0603\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet30-dotnet and rh-dotnet31-dotnet is now available\nfor .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. The updated versions are .NET Core SDK 3.0.102, .NET Core\nRuntime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1. \n\nSecurity Fixes:\n\n* dotnet: Memory Corruption in SignalR (CVE-2020-0603)\n\n* dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602)\n\nUsers must rebuild their applications to pick up the fixes. \n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1787151 - Update .NET Core 3.0 to Runtime 3.0.2 and SDK 3.0.102\n1787174 - Update .NET Core 3.1 to Runtime 3.1.1 and SDK 3.1.101\n1789623 - CVE-2020-0602 dotnet: Denial of service via backpressure issue\n1789624 - CVE-2020-0603 dotnet: Memory Corruption in SignalR\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet30-dotnet-3.0.102-3.el7.src.rpm\n\nx86_64:\nrh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.101-4.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet30-dotnet-3.0.102-3.el7.src.rpm\n\nx86_64:\nrh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.101-4.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet30-dotnet-3.0.102-3.el7.src.rpm\n\nx86_64:\nrh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.101-4.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-0602\nhttps://access.redhat.com/security/cve/CVE-2020-0603\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXiCQQ9zjgjWX9erEAQiA5g//U9AGfQhzgzrIja7zNdstcP61hqUbWM+j\nF2E4FpcJCJgjV3uDli4HsH6sIuzuKV5pVLhvNdbrAMSDJgOaWNJ+Otvmve0yPvY6\nKjhAPMQnBjsJE5eUia6ZEIzhvjcHVwVbHQJrqIwLjvBrwHeo6fVWd/IHentdmM+3\nFIh6uqClbh434gyq4Oi2MpTJ6G6z0+/siaA/tq4qubWJCtEWLfEXXhWsUL4ye59B\nedz+0qB0MYi2ZpgJtk0A8RRxtwcVN6KD+SnV2g25XjqwDNBhAfO3AlB1x0Mzo7HQ\n2tcWLTpJPtYm8sZFZLOKAGm1hvTJhFnu4Vc5oL7b6paJYsU2Ud9URbakwiiiwzV+\nXXLdMmvL63JVeP+cFWkqgI/UR8sdbaXrKFjJcnxNiUklPrrUIx3rq/E1yzCgqwMI\nM3RakcXDqCsaojoOAy/AMkPH1J2r8vyz08JTLC6Ik54m4Dz7/wGILwuVKXLuR1bM\nL6oLLZNrc5oxK4VM7Zb0IHaAeK/cOvxQWhglOPkDV4Got721TputjBeIEj8xiHc1\n2s5zmndzaUfXm+PoqnFsfGggRErFLXaqwSpRWT2vn2MOXbrEbpPjmJs55tLXABhw\n8DI+gmgFRHhE6A4yqvJMzaJGZCsCtUWWXowQEhiCNaymG9Kgx4BkRLNj2Mc15mOK\nEuYGFNW4Ux4\\xadZz\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-0602"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001114"
},
{
"db": "CNVD",
"id": "CNVD-2020-16652"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-471"
},
{
"db": "PACKETSTORM",
"id": "155977"
},
{
"db": "PACKETSTORM",
"id": "155981"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-0602",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001114",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "155981",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-16652",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0186",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202001-471",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155977",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16652"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001114"
},
{
"db": "PACKETSTORM",
"id": "155977"
},
{
"db": "PACKETSTORM",
"id": "155981"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-471"
},
{
"db": "NVD",
"id": "CVE-2020-0602"
}
]
},
"id": "VAR-202001-0122",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16652"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16652"
}
]
},
"last_update_date": "2024-11-23T22:33:37.607000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RHSA-2020:0130",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2020:0130"
},
{
"title": "RHSA-2020:0134",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2020:0134"
},
{
"title": "CVE-2020-0602 | ASP.NET Core Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"
},
{
"title": "CVE-2020-0602 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0602"
},
{
"title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2020-16652)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/208311"
},
{
"title": "Microsoft ASP.NET Core Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108469"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16652"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001114"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-471"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-400",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001114"
},
{
"db": "NVD",
"id": "CVE-2020-0602"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2020:0130"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2020:0134"
},
{
"trust": 2.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0602"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0602"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0602"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2020/at200001.html"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-0602"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0186/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155981/red-hat-security-advisory-2020-0134-01.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-0603"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0603"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16652"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001114"
},
{
"db": "PACKETSTORM",
"id": "155977"
},
{
"db": "PACKETSTORM",
"id": "155981"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-471"
},
{
"db": "NVD",
"id": "CVE-2020-0602"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-16652"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001114"
},
{
"db": "PACKETSTORM",
"id": "155977"
},
{
"db": "PACKETSTORM",
"id": "155981"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-471"
},
{
"db": "NVD",
"id": "CVE-2020-0602"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16652"
},
{
"date": "2020-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001114"
},
{
"date": "2020-01-16T16:43:31",
"db": "PACKETSTORM",
"id": "155977"
},
{
"date": "2020-01-16T16:45:15",
"db": "PACKETSTORM",
"id": "155981"
},
{
"date": "2020-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-471"
},
{
"date": "2020-01-14T23:15:30.287000",
"db": "NVD",
"id": "CVE-2020-0602"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16652"
},
{
"date": "2020-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001114"
},
{
"date": "2020-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-471"
},
{
"date": "2024-11-21T04:53:50.220000",
"db": "NVD",
"id": "CVE-2020-0602"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Denial of service in Japan (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001114"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-471"
}
],
"trust": 0.6
}
}
VAR-202001-0123
Vulnerability from variot - Updated: 2024-11-23 22:33A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from a program's inability to handle memory objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2020:0134-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0134 Issue date: 2020-01-16 CVE Names: CVE-2020-0602 CVE-2020-0603 ==================================================================== 1. Summary:
An update for rh-dotnet30-dotnet and rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.0.102, .NET Core Runtime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1.
Security Fixes:
-
dotnet: Memory Corruption in SignalR (CVE-2020-0603)
-
dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602)
Users must rebuild their applications to pick up the fixes.
Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1787151 - Update .NET Core 3.0 to Runtime 3.0.2 and SDK 3.0.102 1787174 - Update .NET Core 3.1 to Runtime 3.1.1 and SDK 3.1.101 1789623 - CVE-2020-0602 dotnet: Denial of service via backpressure issue 1789624 - CVE-2020-0603 dotnet: Memory Corruption in SignalR
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm
x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm
x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm
x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-0602 https://access.redhat.com/security/cve/CVE-2020-0603 https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXiCQQ9zjgjWX9erEAQiA5g//U9AGfQhzgzrIja7zNdstcP61hqUbWM+j F2E4FpcJCJgjV3uDli4HsH6sIuzuKV5pVLhvNdbrAMSDJgOaWNJ+Otvmve0yPvY6 KjhAPMQnBjsJE5eUia6ZEIzhvjcHVwVbHQJrqIwLjvBrwHeo6fVWd/IHentdmM+3 FIh6uqClbh434gyq4Oi2MpTJ6G6z0+/siaA/tq4qubWJCtEWLfEXXhWsUL4ye59B edz+0qB0MYi2ZpgJtk0A8RRxtwcVN6KD+SnV2g25XjqwDNBhAfO3AlB1x0Mzo7HQ 2tcWLTpJPtYm8sZFZLOKAGm1hvTJhFnu4Vc5oL7b6paJYsU2Ud9URbakwiiiwzV+ XXLdMmvL63JVeP+cFWkqgI/UR8sdbaXrKFjJcnxNiUklPrrUIx3rq/E1yzCgqwMI M3RakcXDqCsaojoOAy/AMkPH1J2r8vyz08JTLC6Ik54m4Dz7/wGILwuVKXLuR1bM L6oLLZNrc5oxK4VM7Zb0IHaAeK/cOvxQWhglOPkDV4Got721TputjBeIEj8xiHc1 2s5zmndzaUfXm+PoqnFsfGggRErFLXaqwSpRWT2vn2MOXbrEbpPjmJs55tLXABhw 8DI+gmgFRHhE6A4yqvJMzaJGZCsCtUWWXowQEhiCNaymG9Kgx4BkRLNj2Mc15mOK EuYGFNW4Ux4\xadZz -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.0,
"vendor": "microsoft",
"version": "3.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.6,
"vendor": "redhat",
"version": "8.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "none"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "eus"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16653"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001109"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-470"
},
{
"db": "NVD",
"id": "CVE-2020-0603"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001109"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "155977"
},
{
"db": "PACKETSTORM",
"id": "155981"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-470"
}
],
"trust": 0.8
},
"cve": "CVE-2020-0603",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-0603",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-16653",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-0603",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-0603",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-0603",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-0603",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-16653",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-470",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16653"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001109"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-470"
},
{
"db": "NVD",
"id": "CVE-2020-0603"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from a program\u0027s inability to handle memory objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID: RHSA-2020:0134-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:0134\nIssue date: 2020-01-16\nCVE Names: CVE-2020-0602 CVE-2020-0603\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet30-dotnet and rh-dotnet31-dotnet is now available\nfor .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core SDK 3.0.102, .NET Core\nRuntime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1. \n\nSecurity Fixes:\n\n* dotnet: Memory Corruption in SignalR (CVE-2020-0603)\n\n* dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602)\n\nUsers must rebuild their applications to pick up the fixes. \n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1787151 - Update .NET Core 3.0 to Runtime 3.0.2 and SDK 3.0.102\n1787174 - Update .NET Core 3.1 to Runtime 3.1.1 and SDK 3.1.101\n1789623 - CVE-2020-0602 dotnet: Denial of service via backpressure issue\n1789624 - CVE-2020-0603 dotnet: Memory Corruption in SignalR\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet30-dotnet-3.0.102-3.el7.src.rpm\n\nx86_64:\nrh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.101-4.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet30-dotnet-3.0.102-3.el7.src.rpm\n\nx86_64:\nrh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.101-4.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet30-dotnet-3.0.102-3.el7.src.rpm\n\nx86_64:\nrh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.101-4.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-0602\nhttps://access.redhat.com/security/cve/CVE-2020-0603\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXiCQQ9zjgjWX9erEAQiA5g//U9AGfQhzgzrIja7zNdstcP61hqUbWM+j\nF2E4FpcJCJgjV3uDli4HsH6sIuzuKV5pVLhvNdbrAMSDJgOaWNJ+Otvmve0yPvY6\nKjhAPMQnBjsJE5eUia6ZEIzhvjcHVwVbHQJrqIwLjvBrwHeo6fVWd/IHentdmM+3\nFIh6uqClbh434gyq4Oi2MpTJ6G6z0+/siaA/tq4qubWJCtEWLfEXXhWsUL4ye59B\nedz+0qB0MYi2ZpgJtk0A8RRxtwcVN6KD+SnV2g25XjqwDNBhAfO3AlB1x0Mzo7HQ\n2tcWLTpJPtYm8sZFZLOKAGm1hvTJhFnu4Vc5oL7b6paJYsU2Ud9URbakwiiiwzV+\nXXLdMmvL63JVeP+cFWkqgI/UR8sdbaXrKFjJcnxNiUklPrrUIx3rq/E1yzCgqwMI\nM3RakcXDqCsaojoOAy/AMkPH1J2r8vyz08JTLC6Ik54m4Dz7/wGILwuVKXLuR1bM\nL6oLLZNrc5oxK4VM7Zb0IHaAeK/cOvxQWhglOPkDV4Got721TputjBeIEj8xiHc1\n2s5zmndzaUfXm+PoqnFsfGggRErFLXaqwSpRWT2vn2MOXbrEbpPjmJs55tLXABhw\n8DI+gmgFRHhE6A4yqvJMzaJGZCsCtUWWXowQEhiCNaymG9Kgx4BkRLNj2Mc15mOK\nEuYGFNW4Ux4\\xadZz\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-0603"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001109"
},
{
"db": "CNVD",
"id": "CNVD-2020-16653"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-470"
},
{
"db": "PACKETSTORM",
"id": "155977"
},
{
"db": "PACKETSTORM",
"id": "155981"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-0603",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001109",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "155981",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-16653",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0186",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202001-470",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155977",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16653"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001109"
},
{
"db": "PACKETSTORM",
"id": "155977"
},
{
"db": "PACKETSTORM",
"id": "155981"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-470"
},
{
"db": "NVD",
"id": "CVE-2020-0603"
}
]
},
"id": "VAR-202001-0123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16653"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16653"
}
]
},
"last_update_date": "2024-11-23T22:33:37.569000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RHSA-2020:0130",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2020:0130"
},
{
"title": "RHSA-2020:0134",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2020:0134"
},
{
"title": "CVE-2020-0603 | ASP.NET Core Remote Code Execution Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
},
{
"title": "CVE-2020-0603 | ASP.NET Core \u306e\u30ea\u30e2\u30fc\u30c8\u3067\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0603"
},
{
"title": "Patch for Microsoft ASP.NET Core remote code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/208309"
},
{
"title": "Microsoft ASP.NET Core Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108468"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16653"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001109"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-470"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001109"
},
{
"db": "NVD",
"id": "CVE-2020-0603"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2020:0130"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2020:0134"
},
{
"trust": 2.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0603"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0603"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0603"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2020/at200001.html"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-0603"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0186/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155981/red-hat-security-advisory-2020-0134-01.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-0602"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0602"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-16653"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001109"
},
{
"db": "PACKETSTORM",
"id": "155977"
},
{
"db": "PACKETSTORM",
"id": "155981"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-470"
},
{
"db": "NVD",
"id": "CVE-2020-0603"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-16653"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001109"
},
{
"db": "PACKETSTORM",
"id": "155977"
},
{
"db": "PACKETSTORM",
"id": "155981"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-470"
},
{
"db": "NVD",
"id": "CVE-2020-0603"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16653"
},
{
"date": "2020-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001109"
},
{
"date": "2020-01-16T16:43:31",
"db": "PACKETSTORM",
"id": "155977"
},
{
"date": "2020-01-16T16:45:15",
"db": "PACKETSTORM",
"id": "155981"
},
{
"date": "2020-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-470"
},
{
"date": "2020-01-14T23:15:30.347000",
"db": "NVD",
"id": "CVE-2020-0603"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-16653"
},
{
"date": "2020-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001109"
},
{
"date": "2020-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-470"
},
{
"date": "2024-11-21T04:53:50.333000",
"db": "NVD",
"id": "CVE-2020-0603"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-470"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Remote code execution vulnerability in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001109"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-470"
}
],
"trust": 0.6
}
}
VAR-201803-1625
Vulnerability from variot - Updated: 2024-11-23 22:26ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784. This vulnerability CVE-2018-0784 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1625",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06803"
},
{
"db": "BID",
"id": "103226"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002559"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-533"
},
{
"db": "NVD",
"id": "CVE-2018-0808"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002559"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrei Gorlov",
"sources": [
{
"db": "BID",
"id": "103226"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0808",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-0808",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06803",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-0808",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0808",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-0808",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-06803",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-533",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-0808",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06803"
},
{
"db": "VULMON",
"id": "CVE-2018-0808"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002559"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-533"
},
{
"db": "NVD",
"id": "CVE-2018-0808"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0784. This vulnerability CVE-2018-0784 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0808"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002559"
},
{
"db": "CNVD",
"id": "CNVD-2018-06803"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-533"
},
{
"db": "BID",
"id": "103226"
},
{
"db": "VULMON",
"id": "CVE-2018-0808"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0808",
"trust": 3.4
},
{
"db": "BID",
"id": "103226",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1040504",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002559",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-06803",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-533",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-0808",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06803"
},
{
"db": "VULMON",
"id": "CVE-2018-0808"
},
{
"db": "BID",
"id": "103226"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002559"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-533"
},
{
"db": "NVD",
"id": "CVE-2018-0808"
}
]
},
"id": "VAR-201803-1625",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06803"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06803"
}
]
},
"last_update_date": "2024-11-23T22:26:26.497000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-0808 | ASP.NET Core Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808"
},
{
"title": "CVE-2018-0808 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0808"
},
{
"title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2018-06803)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/124403"
},
{
"title": "Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79182"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2018/03/13/patch_tuesday_march_2018/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/microsoft/microsoft-march-patch-tuesday-fixes-74-security-issues/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06803"
},
{
"db": "VULMON",
"id": "CVE-2018-0808"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002559"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-533"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002559"
},
{
"db": "NVD",
"id": "CVE-2018-0808"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/103226"
},
{
"trust": 2.0,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0808"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1040504"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0808"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0808"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180314-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180011.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/net/"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/103226"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06803"
},
{
"db": "VULMON",
"id": "CVE-2018-0808"
},
{
"db": "BID",
"id": "103226"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002559"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-533"
},
{
"db": "NVD",
"id": "CVE-2018-0808"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-06803"
},
{
"db": "VULMON",
"id": "CVE-2018-0808"
},
{
"db": "BID",
"id": "103226"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002559"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-533"
},
{
"db": "NVD",
"id": "CVE-2018-0808"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06803"
},
{
"date": "2018-03-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-0808"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103226"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002559"
},
{
"date": "2018-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-533"
},
{
"date": "2018-03-14T17:29:00.433000",
"db": "NVD",
"id": "CVE-2018-0808"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06803"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-0808"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103226"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002559"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-533"
},
{
"date": "2024-11-21T03:38:59.657000",
"db": "NVD",
"id": "CVE-2018-0808"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-533"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Vulnerability in which privileges are elevated",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002559"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-533"
}
],
"trust": 0.6
}
}
VAR-201909-0498
Vulnerability from variot - Updated: 2024-11-23 22:25An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. The vendor ASP.NET Core As a privilege escalation vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Microsoft ASP.NET Core version 2.1, 2.2, and 3.0 have an input validation error vulnerability. An attacker could use this vulnerability to run a script in the security context of the current user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0498",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "2.2"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "3.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009186"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-483"
},
{
"db": "NVD",
"id": "CVE-2019-1302"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009186"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ian Routledge (@ediblecode)",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-483"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1302",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-1302",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-1302",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-1302",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1302",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-1302",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-483",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009186"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-483"
},
{
"db": "NVD",
"id": "CVE-2019-1302"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka \u0027ASP.NET Core Elevation Of Privilege Vulnerability\u0027. The vendor ASP.NET Core As a privilege escalation vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. \nMicrosoft ASP.NET Core version 2.1, 2.2, and 3.0 have an input validation error vulnerability. An attacker could use this vulnerability to run a script in the security context of the current user",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1302"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009186"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-483"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1302",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009186",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-483",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009186"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-483"
},
{
"db": "NVD",
"id": "CVE-2019-1302"
}
]
},
"id": "VAR-201909-0498",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T22:25:47.264000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2019-1302 | ASP.NET Core Elevation Of Privilege Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1302"
},
{
"title": "CVE-2019-1302 | ASP.NET Core \u306e\u7279\u6a29\u306e\u6607\u683c\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-1302"
},
{
"title": "Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98071"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009186"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-483"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009186"
},
{
"db": "NVD",
"id": "CVE-2019-1302"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1302"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1302"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1302"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190911-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2019/at190036.html"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-1302"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-core-vulnerabilities-of-september-2019-30306"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009186"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-483"
},
{
"db": "NVD",
"id": "CVE-2019-1302"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009186"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-483"
},
{
"db": "NVD",
"id": "CVE-2019-1302"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009186"
},
{
"date": "2019-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-483"
},
{
"date": "2019-09-11T22:15:19.087000",
"db": "NVD",
"id": "CVE-2019-1302"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009186"
},
{
"date": "2019-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-483"
},
{
"date": "2024-11-21T04:36:26.117000",
"db": "NVD",
"id": "CVE-2019-1302"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Vulnerability in which privileges are elevated",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009186"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-483"
}
],
"trust": 0.6
}
}
VAR-201803-1622
Vulnerability from variot - Updated: 2024-11-23 22:22ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". The vendor ASP.NET Core As a privilege escalation vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to implement HTML injection attacks to gain elevated permissions. An attacker can exploit this issue to gain elevated privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1622",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06777"
},
{
"db": "BID",
"id": "103282"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002558"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-534"
},
{
"db": "NVD",
"id": "CVE-2018-0787"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002558"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikhail Shcherbakov",
"sources": [
{
"db": "BID",
"id": "103282"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0787",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-0787",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-06777",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-0787",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0787",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-0787",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-06777",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-534",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06777"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002558"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-534"
},
{
"db": "NVD",
"id": "CVE-2018-0787"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". The vendor ASP.NET Core As a privilege escalation vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to implement HTML injection attacks to gain elevated permissions. \nAn attacker can exploit this issue to gain elevated privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0787"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002558"
},
{
"db": "CNVD",
"id": "CNVD-2018-06777"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-534"
},
{
"db": "BID",
"id": "103282"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0787",
"trust": 3.3
},
{
"db": "BID",
"id": "103282",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1040525",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002558",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-06777",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "39065",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-534",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06777"
},
{
"db": "BID",
"id": "103282"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002558"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-534"
},
{
"db": "NVD",
"id": "CVE-2018-0787"
}
]
},
"id": "VAR-201803-1622",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06777"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06777"
}
]
},
"last_update_date": "2024-11-23T22:22:11.611000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-0787 | ASP.NET Core Elevation of Privilege Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787"
},
{
"title": "CVE-2018-0787 | ASP.NET Core \u306e\u7279\u6a29\u306e\u6607\u683c\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0787"
},
{
"title": "Patch for Microsoft ASP.NET Core Remote Elevation of Privilege Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/124357"
},
{
"title": "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79183"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06777"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002558"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-534"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-640",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002558"
},
{
"db": "NVD",
"id": "CVE-2018-0787"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0787"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0787"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/103282"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1040525"
},
{
"trust": 1.0,
"url": "https://github.com/aspnet/announcements/issues/295"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0787"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180314-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180011.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/39065"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-06777"
},
{
"db": "BID",
"id": "103282"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002558"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-534"
},
{
"db": "NVD",
"id": "CVE-2018-0787"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-06777"
},
{
"db": "BID",
"id": "103282"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002558"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-534"
},
{
"db": "NVD",
"id": "CVE-2018-0787"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06777"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103282"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002558"
},
{
"date": "2018-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-534"
},
{
"date": "2018-03-14T17:29:00.370000",
"db": "NVD",
"id": "CVE-2018-0787"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-06777"
},
{
"date": "2018-03-13T00:00:00",
"db": "BID",
"id": "103282"
},
{
"date": "2018-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002558"
},
{
"date": "2018-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-534"
},
{
"date": "2024-11-21T03:38:56.940000",
"db": "NVD",
"id": "CVE-2018-0787"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-534"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Vulnerability in which privileges are elevated",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002558"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-534"
}
],
"trust": 0.6
}
}
VAR-201905-1186
Vulnerability from variot - Updated: 2024-11-23 22:21A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. An attacker can exploit this issue to cause a denial of service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1186",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "2.2"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "2.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20378"
},
{
"db": "BID",
"id": "108208"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003823"
},
{
"db": "NVD",
"id": "CVE-2019-0982"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003823"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft.",
"sources": [
{
"db": "BID",
"id": "108208"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-393"
}
],
"trust": 0.9
},
"cve": "CVE-2019-0982",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-0982",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-20378",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-0982",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-0982",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-0982",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-20378",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-393",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-0982",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20378"
},
{
"db": "VULMON",
"id": "CVE-2019-0982"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003823"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-393"
},
{
"db": "NVD",
"id": "CVE-2019-0982"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. \nAn attacker can exploit this issue to cause a denial of service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0982"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003823"
},
{
"db": "CNVD",
"id": "CNVD-2020-20378"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-393"
},
{
"db": "BID",
"id": "108208"
},
{
"db": "VULMON",
"id": "CVE-2019-0982"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0982",
"trust": 3.4
},
{
"db": "BID",
"id": "108208",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003823",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-20378",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201905-393",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-0982",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20378"
},
{
"db": "VULMON",
"id": "CVE-2019-0982"
},
{
"db": "BID",
"id": "108208"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003823"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-393"
},
{
"db": "NVD",
"id": "CVE-2019-0982"
}
]
},
"id": "VAR-201905-1186",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20378"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20378"
}
]
},
"last_update_date": "2024-11-23T22:21:36.874000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2019-0982 | ASP.NET Core Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982"
},
{
"title": "CVE-2019-0982 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0982"
},
{
"title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2020-20378)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/211635"
},
{
"title": "Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92543"
},
{
"title": "Symantec Threat Intelligence Blog",
"trust": 0.1,
"url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20378"
},
{
"db": "VULMON",
"id": "CVE-2019-0982"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003823"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-393"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-19",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003823"
},
{
"db": "NVD",
"id": "CVE-2019-0982"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0982"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0982"
},
{
"trust": 1.3,
"url": "https://www.securityfocus.com/bid/108208"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0982"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2019/at190023.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/19.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108208"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-20378"
},
{
"db": "VULMON",
"id": "CVE-2019-0982"
},
{
"db": "BID",
"id": "108208"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003823"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-393"
},
{
"db": "NVD",
"id": "CVE-2019-0982"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-20378"
},
{
"db": "VULMON",
"id": "CVE-2019-0982"
},
{
"db": "BID",
"id": "108208"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003823"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-393"
},
{
"db": "NVD",
"id": "CVE-2019-0982"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-20378"
},
{
"date": "2019-05-16T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0982"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108208"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003823"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-393"
},
{
"date": "2019-05-16T19:29:05.083000",
"db": "NVD",
"id": "CVE-2019-0982"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-20378"
},
{
"date": "2019-05-20T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0982"
},
{
"date": "2019-05-14T00:00:00",
"db": "BID",
"id": "108208"
},
{
"date": "2019-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003823"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-393"
},
{
"date": "2024-11-21T04:17:36.993000",
"db": "NVD",
"id": "CVE-2019-0982"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-393"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003823"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-393"
}
],
"trust": 0.6
}
}
VAR-201801-1127
Vulnerability from variot - Updated: 2024-11-23 22:12ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. A remote attacker could use this vulnerability to change the recovery code on a user's account, causing a denial of service (permanent account lockout). An attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00898"
},
{
"db": "BID",
"id": "102379"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001242"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-405"
},
{
"db": "NVD",
"id": "CVE-2018-0785"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001242"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "K\u00e9vin Chalet",
"sources": [
{
"db": "BID",
"id": "102379"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0785",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-0785",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-00898",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-0785",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0785",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-0785",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-00898",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-405",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00898"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001242"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-405"
},
{
"db": "NVD",
"id": "CVE-2018-0785"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka \"ASP.NET Core Cross Site Request Forgery Vulnerability\". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. A remote attacker could use this vulnerability to change the recovery code on a user\u0027s account, causing a denial of service (permanent account lockout). \nAn attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0785"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001242"
},
{
"db": "CNVD",
"id": "CNVD-2018-00898"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-405"
},
{
"db": "BID",
"id": "102379"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0785",
"trust": 3.3
},
{
"db": "BID",
"id": "102379",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1040151",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001242",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-00898",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "38604",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201801-405",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00898"
},
{
"db": "BID",
"id": "102379"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001242"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-405"
},
{
"db": "NVD",
"id": "CVE-2018-0785"
}
]
},
"id": "VAR-201801-1127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00898"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00898"
}
]
},
"last_update_date": "2024-11-23T22:12:41.731000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-0785 | ASP.NET Core Cross Site Request Forgery Vulnerabilty",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0785"
},
{
"title": "CVE-2018-0785 | ASP.NET Core \u306e\u30af\u30ed\u30b9 \u30b5\u30a4\u30c8 \u30ea\u30af\u30a8\u30b9\u30c8 \u30d5\u30a9\u30fc\u30b8\u30a7\u30ea\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0785"
},
{
"title": "Patch for Microsoft ASP.NET Core Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/113387"
},
{
"title": "Microsoft ASP.NET Core Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77660"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00898"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001242"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-405"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001242"
},
{
"db": "NVD",
"id": "CVE-2018-0785"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0785"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/102379"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1040151"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0785"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180002.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0785"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/38604"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00898"
},
{
"db": "BID",
"id": "102379"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001242"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-405"
},
{
"db": "NVD",
"id": "CVE-2018-0785"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-00898"
},
{
"db": "BID",
"id": "102379"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001242"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-405"
},
{
"db": "NVD",
"id": "CVE-2018-0785"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00898"
},
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102379"
},
{
"date": "2018-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001242"
},
{
"date": "2018-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-405"
},
{
"date": "2018-01-10T01:29:00.290000",
"db": "NVD",
"id": "CVE-2018-0785"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00898"
},
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102379"
},
{
"date": "2018-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001242"
},
{
"date": "2018-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-405"
},
{
"date": "2024-11-21T03:38:56.653000",
"db": "NVD",
"id": "CVE-2018-0785"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-405"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft ASP.NET Core Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00898"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-405"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-405"
}
],
"trust": 0.6
}
}
VAR-201801-1126
Vulnerability from variot - Updated: 2024-11-23 22:12ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808. This vulnerability CVE-2018-0808 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could use this vulnerability to perform a content injection attack and execute a script in the current user's security context. An attacker can exploit this issue to gain elevated privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "BID",
"id": "102377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
},
{
"db": "NVD",
"id": "CVE-2018-0784"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "K\u00e9vin Chalet",
"sources": [
{
"db": "BID",
"id": "102377"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0784",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-0784",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-00899",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-0784",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0784",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-0784",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-00899",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-406",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
},
{
"db": "NVD",
"id": "CVE-2018-0784"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0808. This vulnerability CVE-2018-0808 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could use this vulnerability to perform a content injection attack and execute a script in the current user\u0027s security context. \nAn attacker can exploit this issue to gain elevated privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0784"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
},
{
"db": "BID",
"id": "102377"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0784",
"trust": 3.3
},
{
"db": "BID",
"id": "102377",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1040151",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-00899",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "BID",
"id": "102377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
},
{
"db": "NVD",
"id": "CVE-2018-0784"
}
]
},
"id": "VAR-201801-1126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
}
]
},
"last_update_date": "2024-11-23T22:12:41.699000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-0784 | ASP.NET Core Elevation Of Privilege Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0784"
},
{
"title": "CVE-2018-0784 | ASP.NET Core \u306e\u7279\u6a29\u306e\u6607\u683c\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0784"
},
{
"title": "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability (CNVD-2018-00899)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/113385"
},
{
"title": "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77661"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "NVD",
"id": "CVE-2018-0784"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/102377"
},
{
"trust": 2.2,
"url": "http://www.securitytracker.com/id/1040151"
},
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0784"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0784"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180002.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0784"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "BID",
"id": "102377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
},
{
"db": "NVD",
"id": "CVE-2018-0784"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "BID",
"id": "102377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
},
{
"db": "NVD",
"id": "CVE-2018-0784"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102377"
},
{
"date": "2018-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"date": "2018-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-406"
},
{
"date": "2018-01-10T01:29:00.243000",
"db": "NVD",
"id": "CVE-2018-0784"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102377"
},
{
"date": "2018-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-406"
},
{
"date": "2024-11-21T03:38:56.513000",
"db": "NVD",
"id": "CVE-2018-0784"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Vulnerability in which privileges are elevated",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
}
],
"trust": 0.6
}
}
VAR-201810-1125
Vulnerability from variot - Updated: 2024-11-23 22:12An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. An attacker can exploit this issue to obtain sensitive information. Successful exploits will lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:2902-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2902 Issue date: 2018-10-09 CVE Names: CVE-2018-8292 =====================================================================
- Summary:
Updates for rh-dotnetcore11-dotnetcore, and rh-dotnetcore10-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
These versions correspond to the October 2018 security release by .NET Core upstream projects.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-8292 https://access.redhat.com/security/updates/classification/#moderate https://github.com/dotnet/announcements/issues/88
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW71EydzjgjWX9erEAQhK3Q/8DwPo83R6HBwUmO2gO56n0ci7BOOZ1HfH VYRSvXSPaBf8fbFSaZN5+OJhPBJfnCiEIgO8cSuMYf3zWebkIONZnkzB55BJqD0N Z7wS2R4bI6Mw33K9ET2WhoUF7JiZDU+Spu7T2TW9roAms7U7IJBXMi52N3pAS3yQ gzvB8Fuci3xsGqyIYMgt0SmqnlkqbZmR35Yq7e3yxMzAlY/lp7tfQ/ZxIHfxDKh3 NrT8nKj58i0WGlOKxlWsTDadHwrCe9YoZVn8FRJJdCDE+tjW6KNmXKOy08qPfp3n LuikowCnqyQh6CoKJ91q47zsq7j8hisj0z7CgMLxO2Y4Gk9hSni5ynlxlDUYWDrB f9mi4LlnBp1Dwjnv7IJee9SXR4M7fIuwbexhBv8OGzijwXvHZkfZ5aceTAqrBYIb INZNaHwGQIgwkHkanz3N6pPbrfXTvOfcIWmrctyYfI05RsW4FRXm1dh2tF7y1uK7 FgWNvDxAAZqYhk2SBYPtUfQNkNktkLZ0M76QEXcgCrYr5OTTCM92pxZjLPmbYx2Y +1Kl+cSvk3nschXLbuXjGtWiuBrJXtdDW8ytt2bC5lyxylo8mYSl7G5V0eDifMKs sdHtMLM5S+4xrAQ4avNEFgqz4h78s6mY4Dq9fXkZUbYXLFLbaIb/foGUnnWJ5/az 9K+HIBmUA6I= =+FXG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-1125",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powershell core",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "1.0"
}
],
"sources": [
{
"db": "BID",
"id": "105548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:powershell_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "105548"
}
],
"trust": 0.3
},
"cve": "CVE-2018-8292",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-8292",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-8292",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8292",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-8292",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-492",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-8292",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka \".NET Core Information Disclosure Vulnerability.\" This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. \nAn attacker can exploit this issue to obtain sensitive information. Successful exploits will lead to other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID: RHSA-2018:2902-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2902\nIssue date: 2018-10-09\nCVE Names: CVE-2018-8292 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnetcore11-dotnetcore, and rh-dotnetcore10-dotnetcore are\nnow available for .NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nThese versions correspond to the October 2018 security release by .NET Core\nupstream projects. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-8292\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://github.com/dotnet/announcements/issues/88\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW71EydzjgjWX9erEAQhK3Q/8DwPo83R6HBwUmO2gO56n0ci7BOOZ1HfH\nVYRSvXSPaBf8fbFSaZN5+OJhPBJfnCiEIgO8cSuMYf3zWebkIONZnkzB55BJqD0N\nZ7wS2R4bI6Mw33K9ET2WhoUF7JiZDU+Spu7T2TW9roAms7U7IJBXMi52N3pAS3yQ\ngzvB8Fuci3xsGqyIYMgt0SmqnlkqbZmR35Yq7e3yxMzAlY/lp7tfQ/ZxIHfxDKh3\nNrT8nKj58i0WGlOKxlWsTDadHwrCe9YoZVn8FRJJdCDE+tjW6KNmXKOy08qPfp3n\nLuikowCnqyQh6CoKJ91q47zsq7j8hisj0z7CgMLxO2Y4Gk9hSni5ynlxlDUYWDrB\nf9mi4LlnBp1Dwjnv7IJee9SXR4M7fIuwbexhBv8OGzijwXvHZkfZ5aceTAqrBYIb\nINZNaHwGQIgwkHkanz3N6pPbrfXTvOfcIWmrctyYfI05RsW4FRXm1dh2tF7y1uK7\nFgWNvDxAAZqYhk2SBYPtUfQNkNktkLZ0M76QEXcgCrYr5OTTCM92pxZjLPmbYx2Y\n+1Kl+cSvk3nschXLbuXjGtWiuBrJXtdDW8ytt2bC5lyxylo8mYSl7G5V0eDifMKs\nsdHtMLM5S+4xrAQ4avNEFgqz4h78s6mY4Dq9fXkZUbYXLFLbaIb/foGUnnWJ5/az\n9K+HIBmUA6I=\n=+FXG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8292"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "BID",
"id": "105548"
},
{
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"db": "PACKETSTORM",
"id": "149745"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8292",
"trust": 2.9
},
{
"db": "BID",
"id": "105548",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-8292",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149745",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"db": "BID",
"id": "105548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "PACKETSTORM",
"id": "149745"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"id": "VAR-201810-1125",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T22:12:18.450000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-8292 | .NET Core Information Disclosure Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8292"
},
{
"title": "CVE-2018-8292 | .NET Core \u306e\u60c5\u5831\u6f0f\u3048\u3044\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8292"
},
{
"title": "Microsoft .NET Core and PowerShell Core Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85661"
},
{
"title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182902 - Security Advisory"
},
{
"title": "Red Hat: CVE-2018-8292",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-8292"
},
{
"title": "TrivyDepsFalsePositive",
"trust": 0.1,
"url": "https://github.com/StasJS/TrivyDepsFalsePositive "
},
{
"title": "OssIndexClient",
"trust": 0.1,
"url": "https://github.com/SimonCropp/OssIndexClient "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8292"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2018:2902"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/105548"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8292"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8292"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20181010-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180041.html"
},
{
"trust": 0.4,
"url": "https://github.com/dotnet/announcements/issues/88"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://github.com/stasjs/trivydepsfalsepositive"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/105548"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8292"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"db": "BID",
"id": "105548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "PACKETSTORM",
"id": "149745"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"db": "BID",
"id": "105548"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"db": "PACKETSTORM",
"id": "149745"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"date": "2018-10-09T00:00:00",
"db": "BID",
"id": "105548"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"date": "2018-10-10T17:38:30",
"db": "PACKETSTORM",
"id": "149745"
},
{
"date": "2018-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"date": "2018-10-10T13:29:01.213000",
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-8292"
},
{
"date": "2018-10-09T00:00:00",
"db": "BID",
"id": "105548"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010455"
},
{
"date": "2018-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-492"
},
{
"date": "2024-11-21T04:13:33.930000",
"db": "NVD",
"id": "CVE-2018-8292"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft NET Core and PowerShell Core Vulnerability in which information is disclosed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010455"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-492"
}
],
"trust": 0.6
}
}
VAR-201907-1509
Vulnerability from variot - Updated: 2024-11-23 22:11A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could exploit this vulnerability with a specially crafted URL to redirect users to a malicious website. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-1509",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.2"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.1"
}
],
"sources": [
{
"db": "BID",
"id": "108984"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006509"
},
{
"db": "NVD",
"id": "CVE-2019-1075"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006509"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reported through Datalust.",
"sources": [
{
"db": "BID",
"id": "108984"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-430"
}
],
"trust": 0.9
},
"cve": "CVE-2019-1075",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-1075",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-1075",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-1075",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-1075",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-430",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-1075",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-1075"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006509"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-430"
},
{
"db": "NVD",
"id": "CVE-2019-1075"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka \u0027ASP.NET Core Spoofing Vulnerability\u0027. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could exploit this vulnerability with a specially crafted URL to redirect users to a malicious website. \nAn attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1075"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006509"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-430"
},
{
"db": "BID",
"id": "108984"
},
{
"db": "VULMON",
"id": "CVE-2019-1075"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1075",
"trust": 2.8
},
{
"db": "BID",
"id": "108984",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006509",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-430",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-1075",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-1075"
},
{
"db": "BID",
"id": "108984"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006509"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-430"
},
{
"db": "NVD",
"id": "CVE-2019-1075"
}
]
},
"id": "VAR-201907-1509",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-11-23T22:11:56.680000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2019-1075 | ASP.NET Core Spoofing Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075"
},
{
"title": "CVE-2019-1075 | ASP.NET Core \u306e\u306a\u308a\u3059\u307e\u3057\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-1075"
},
{
"title": "Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94569"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ExpLangcn/FuYao-Go "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-1075"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006509"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-430"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006509"
},
{
"db": "NVD",
"id": "CVE-2019-1075"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1075"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1075"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1075"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190710-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2019/at190029.html"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/108984"
}
],
"sources": [
{
"db": "BID",
"id": "108984"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006509"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-430"
},
{
"db": "NVD",
"id": "CVE-2019-1075"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-1075"
},
{
"db": "BID",
"id": "108984"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006509"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-430"
},
{
"db": "NVD",
"id": "CVE-2019-1075"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1075"
},
{
"date": "2019-07-09T00:00:00",
"db": "BID",
"id": "108984"
},
{
"date": "2019-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006509"
},
{
"date": "2019-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-430"
},
{
"date": "2019-07-15T19:15:17.343000",
"db": "NVD",
"id": "CVE-2019-1075"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1075"
},
{
"date": "2019-07-09T00:00:00",
"db": "BID",
"id": "108984"
},
{
"date": "2019-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006509"
},
{
"date": "2019-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-430"
},
{
"date": "2024-11-21T04:35:57.970000",
"db": "NVD",
"id": "CVE-2019-1075"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-430"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Vulnerability to be spoofed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006509"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "108984"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-430"
}
],
"trust": 0.9
}
}
VAR-201809-1040
Vulnerability from variot - Updated: 2024-11-23 22:06A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1. The vendor System.IO.Pipelines As a "denial of service".Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft .NET Core is a free and open source development platform. The platform has features such as multi-language support and cross-platform. ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. System.IO.Pipelines is a library for performing high-performance IO in .NET. A remote attacker can use this vulnerability to cause a denial of service by submitting a specially crafted request to the application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1040",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": ".net core",
"scope": "eq",
"trust": 2.3,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "asp.net core",
"scope": "eq",
"trust": 2.3,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "system.io.pipelines",
"scope": null,
"trust": 1.4,
"vendor": "microsoft",
"version": null
},
{
"model": "asp.net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1.4"
},
{
"model": "system.io.pipelines",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.5.0"
},
{
"model": "asp.net core",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1.4"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": "system.io.pipelines",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "system.io.pipelines",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "BID",
"id": "105223"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:system.io.pipelines",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "105223"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
}
],
"trust": 0.9
},
"cve": "CVE-2018-8409",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-8409",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-00352",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-8409",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-8409",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8409",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-8409",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-00352",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-539",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1. The vendor System.IO.Pipelines As a \"denial of service\".Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft .NET Core is a free and open source development platform. The platform has features such as multi-language support and cross-platform. ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. System.IO.Pipelines is a library for performing high-performance IO in .NET. A remote attacker can use this vulnerability to cause a denial of service by submitting a specially crafted request to the application",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8409"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"db": "BID",
"id": "105223"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8409",
"trust": 3.3
},
{
"db": "BID",
"id": "105223",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-00352",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "BID",
"id": "105223"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"id": "VAR-201809-1040",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
}
],
"trust": 0.99586466
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
}
]
},
"last_update_date": "2024-11-23T22:06:36.540000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-8409 | System.IO.Pipelines Denial of Service",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8409"
},
{
"title": "CVE-2018-8409 | System.IO.Pipelines \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8409"
},
{
"title": "Patch for Microsoft .NET Core, ASP.NET Core, and System.IO.Pipelines Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/148781"
},
{
"title": "Microsoft .NET Core , ASP.NET Core and System.IO.Pipelines Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84810"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/105223"
},
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8409"
},
{
"trust": 1.4,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8409"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180912-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180038.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8409"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "BID",
"id": "105223"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"db": "BID",
"id": "105223"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105223"
},
{
"date": "2018-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"date": "2018-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"date": "2018-09-13T00:29:02.037000",
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-00352"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105223"
},
{
"date": "2018-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009516"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-539"
},
{
"date": "2024-11-21T04:13:46.097000",
"db": "NVD",
"id": "CVE-2018-8409"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Microsoft Service disruption in products (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009516"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-539"
}
],
"trust": 0.6
}
}
VAR-202005-0134
Vulnerability from variot - Updated: 2024-11-23 22:05A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. (DoS) Vulnerability exists. Microsoft Visual Studio is a series of development tool suite products and a basic and complete development tool set. It includes most of the tools needed throughout the software life cycle. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2020:2249-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2249 Issue date: 2020-05-21 CVE Names: CVE-2020-1108 CVE-2020-1161 =====================================================================
- Summary:
An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.104 and .NET Core Runtime 3.1.4.
Security Fix(es):
- dotnet: Denial of service via untrusted input (CVE-2020-1108)
- dotnet: Denial of service due to infinite loop (CVE-2020-1161)
Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1827643 - CVE-2020-1108 dotnet: Denial of service via untrusted input 1827645 - CVE-2020-1161 dotnet: Denial of service due to infinite loop
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.104-2.el7.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.104-2.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.104-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.104-2.el7.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.104-2.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.104-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.104-2.el7.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.104-2.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.104-2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-1108 https://access.redhat.com/security/cve/CVE-2020-1161 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXsaf4tzjgjWX9erEAQjTHA//daLObmVWkk7wO3loCqPQJgXiuyshm1Jj 2pXg1tT24AQE2lGzOts8f7HjpCC60LeSAXLQseKlmZ7Nrdhi/KE8dFto3JhcBp0n fjFHoImjPgz5cIOWU94LS9H3ST9Ih+kL9b9o4DIRff6/KlpWEvdfoMejgaNl4zjW YV+ozpiDxmvOo0OudxMgFiw17iSUO28a3HZqLBz+DE/7+2RY8irLGVyYo/0XVpz0 mnbkDWcue4wJmDcQzrtsSSLm2L3m3CIHGF4kJ+C3QdSdtOQchHG3Y9XtkeEEIWz8 uHE+gkfRU9Nm+cw+4QMW7o0b1mwX329oyd+1O5D/KeaJ6ABM8yfihEfmVxSpCGW1 4+qSjDNeauC+c/Rm0jBtWRQCct/XJQbBrqii05dlarA9a+YHiBeIkDt5U46Y0/FD CcAsZtyf1Zfe8DyTFMsEQ5DDltudbRgguTbEmMBEeOOkmZFQE7aSI5veeWuUuxqs UIjckIgUN7MWYtm8Fq4KMOJe5l4uYwY3T3G6r8AxxJs1PLokuYvT7CHTkjPg9hEG Dv4J3fkzD9rybvaZUDkTDDLgGoK3zHSlcYlRAEwLT9aN2pCF0PyHYnZtsdz93oEP tyddvt2olVLDsJBkYlTvwRBVNLTzv7Uj4qFUJqW4LjhtGpHZvld60Gf7xh8ooqv7 g8PwL1mfJdI= =8ZmH -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.5"
},
{
"model": "visual studio 2017",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "15.1"
},
{
"model": "visual studio 2017",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "15.9"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2017 version 15.9 (includes 15.0 - 15.8)"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2019 version 16.0"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2019 version 16.4 (includes 16.0 - 16.3)"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2019 version 16.5"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "201715.9"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "201916.0"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "201916.4"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "201916.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-40626"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005783"
},
{
"db": "NVD",
"id": "CVE-2020-1161"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:asp.net_core",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:visual_studio",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005783"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "157794"
},
{
"db": "PACKETSTORM",
"id": "157788"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-568"
}
],
"trust": 0.8
},
"cve": "CVE-2020-1161",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-1161",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005783",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-40626",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-1161",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005783",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-1161",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005783",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-40626",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-568",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-40626"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005783"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-568"
},
{
"db": "NVD",
"id": "CVE-2020-1161"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027. (DoS) Vulnerability exists. Microsoft Visual Studio is a series of development tool suite products and a basic and complete development tool set. It includes most of the tools needed throughout the software life cycle. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID: RHSA-2020:2249-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:2249\nIssue date: 2020-05-21\nCVE Names: CVE-2020-1108 CVE-2020-1161 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core SDK 3.1.104 and .NET Core\nRuntime 3.1.4. \n\nSecurity Fix(es):\n\n* dotnet: Denial of service via untrusted input (CVE-2020-1108)\n* dotnet: Denial of service due to infinite loop (CVE-2020-1161)\n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1827643 - CVE-2020-1108 dotnet: Denial of service via untrusted input\n1827645 - CVE-2020-1161 dotnet: Denial of service due to infinite loop\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.104-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.104-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.104-2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1108\nhttps://access.redhat.com/security/cve/CVE-2020-1161\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXsaf4tzjgjWX9erEAQjTHA//daLObmVWkk7wO3loCqPQJgXiuyshm1Jj\n2pXg1tT24AQE2lGzOts8f7HjpCC60LeSAXLQseKlmZ7Nrdhi/KE8dFto3JhcBp0n\nfjFHoImjPgz5cIOWU94LS9H3ST9Ih+kL9b9o4DIRff6/KlpWEvdfoMejgaNl4zjW\nYV+ozpiDxmvOo0OudxMgFiw17iSUO28a3HZqLBz+DE/7+2RY8irLGVyYo/0XVpz0\nmnbkDWcue4wJmDcQzrtsSSLm2L3m3CIHGF4kJ+C3QdSdtOQchHG3Y9XtkeEEIWz8\nuHE+gkfRU9Nm+cw+4QMW7o0b1mwX329oyd+1O5D/KeaJ6ABM8yfihEfmVxSpCGW1\n4+qSjDNeauC+c/Rm0jBtWRQCct/XJQbBrqii05dlarA9a+YHiBeIkDt5U46Y0/FD\nCcAsZtyf1Zfe8DyTFMsEQ5DDltudbRgguTbEmMBEeOOkmZFQE7aSI5veeWuUuxqs\nUIjckIgUN7MWYtm8Fq4KMOJe5l4uYwY3T3G6r8AxxJs1PLokuYvT7CHTkjPg9hEG\nDv4J3fkzD9rybvaZUDkTDDLgGoK3zHSlcYlRAEwLT9aN2pCF0PyHYnZtsdz93oEP\ntyddvt2olVLDsJBkYlTvwRBVNLTzv7Uj4qFUJqW4LjhtGpHZvld60Gf7xh8ooqv7\ng8PwL1mfJdI=\n=8ZmH\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005783"
},
{
"db": "CNVD",
"id": "CNVD-2020-40626"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-568"
},
{
"db": "VULMON",
"id": "CVE-2020-1161"
},
{
"db": "PACKETSTORM",
"id": "157794"
},
{
"db": "PACKETSTORM",
"id": "157788"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-1161",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005783",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157794",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-40626",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1814",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "46715",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-568",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-1161",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157788",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-40626"
},
{
"db": "VULMON",
"id": "CVE-2020-1161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005783"
},
{
"db": "PACKETSTORM",
"id": "157794"
},
{
"db": "PACKETSTORM",
"id": "157788"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-568"
},
{
"db": "NVD",
"id": "CVE-2020-1161"
}
]
},
"id": "VAR-202005-0134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-40626"
}
],
"trust": 0.79172932
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-40626"
}
]
},
"last_update_date": "2024-11-23T22:05:38.779000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2020-1161 | ASP.NET Core Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1161"
},
{
"title": "CVE-2020-1161 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-1161"
},
{
"title": "Patch for Microsoft ASP.NET Core input validation error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/225853"
},
{
"title": "Microsoft ASP.NET Core Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119629"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-40626"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005783"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-568"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005783"
},
{
"db": "NVD",
"id": "CVE-2020-1161"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1161"
},
{
"trust": 1.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1161"
},
{
"trust": 1.4,
"url": "https://access.redhat.com/security/cve/cve-2020-1161"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1161"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20200513-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2020/at200022.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157794/red-hat-security-advisory-2020-2250-01.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46715"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1814/"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2020-1161"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-may-2020-32249"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1108"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1108"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2249"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-40626"
},
{
"db": "VULMON",
"id": "CVE-2020-1161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005783"
},
{
"db": "PACKETSTORM",
"id": "157794"
},
{
"db": "PACKETSTORM",
"id": "157788"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-568"
},
{
"db": "NVD",
"id": "CVE-2020-1161"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-40626"
},
{
"db": "VULMON",
"id": "CVE-2020-1161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005783"
},
{
"db": "PACKETSTORM",
"id": "157794"
},
{
"db": "PACKETSTORM",
"id": "157788"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-568"
},
{
"db": "NVD",
"id": "CVE-2020-1161"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-40626"
},
{
"date": "2020-05-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1161"
},
{
"date": "2020-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005783"
},
{
"date": "2020-05-21T16:41:39",
"db": "PACKETSTORM",
"id": "157794"
},
{
"date": "2020-05-21T16:34:50",
"db": "PACKETSTORM",
"id": "157788"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-568"
},
{
"date": "2020-05-21T23:15:17.603000",
"db": "NVD",
"id": "CVE-2020-1161"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-40626"
},
{
"date": "2020-05-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1161"
},
{
"date": "2020-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005783"
},
{
"date": "2020-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-568"
},
{
"date": "2024-11-21T05:09:52.817000",
"db": "NVD",
"id": "CVE-2020-1161"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-568"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft ASP.NET Core input validation error vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-40626"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-568"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-568"
}
],
"trust": 0.6
}
}