PT-2017-12233 · Microsoft · Net Core

Published

2017-11-15

Updated

2022-04-12

CVE-2017-11770

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions .NET Core versions 1.0 through 2.0

Description A denial of service issue exists due to improper handling of certificate data parsing, allowing an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application.

Recommendations For .NET Core versions 1.0 through 2.0, update to a version that properly handles certificate data parsing to prevent denial of service attacks.

Fix

DoS

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2017-11770

GHSA-7MFR-774F-W5R9

RHSA-2017:3248

Affected Products

Net Core

PT-2017-12233 · Microsoft · Net Core

CVE-2017-11770

Weakness Enumeration

Related Identifiers

Affected Products

References · 7