ID CVE-2017-11883
Summary .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability".
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:aspnetcore:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:aspnetcore:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:aspnetcore:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:aspnetcore:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:aspnetcore:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:aspnetcore:2.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 101835
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883
sectrack 1039793
Last major update 03-10-2019 - 00:03
Published 15-11-2017 - 03:29
Last modified 03-10-2019 - 00:03
Back to Top