PT-2018-9060 · Microsoft · Net Core+1
Published
2018-05-08
·
Updated
2018-10-16
·
CVE-2018-0765
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Microsoft .NET Framework versions 2.0 through 4.7.1
Microsoft .NET Framework versions 4.5.2 through 4.7.2
.NET Core version 2.0
Description:
A denial of service issue exists due to improper processing of XML documents by .NET and .NET Core. This could allow a remote unauthenticated attacker to cause a denial of service against a .NET application by issuing specially crafted requests.
Recommendations:
For Microsoft .NET Framework versions 2.0 through 4.7.1, update to a version later than 4.7.1 to resolve the issue.
For Microsoft .NET Framework versions 4.5.2 through 4.7.2, update to a version later than 4.7.2 to resolve the issue.
For .NET Core version 2.0, update to a version later than 2.0 to resolve the issue.
Fix
DoS
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Net Core
.Net Framework