PT-2017-18429 · Microsoft · Common Object Runtime Library+1

Published

2017-07-11

Updated

2022-05-17

CVE-2017-8585

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework versions 4.6 through 4.7

Description A denial of service issue exists due to improper handling of web requests by the Microsoft Common Object Runtime Library. This allows an attacker to send specially crafted requests to a .NET web application, resulting in denial of service.

Recommendations For Microsoft .NET Framework versions 4.6 through 4.7, consider restricting access to the web application to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-8585

GHSA-8884-XCR4-R68P

RHSA-2017:3248

Affected Products

.Net Framework

Common Object Runtime Library

PT-2017-18429 · Microsoft · Common Object Runtime Library+1

CVE-2017-8585

Weakness Enumeration

Related Identifiers

Affected Products

References · 9