All the vulnerabilites related to Microsoft - ASP.NET Core
cve-2019-0815
Vulnerability from cvelistv5
Published
2019-04-09 20:16
Modified
2024-08-04 17:58
Severity ?
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:58:59.256Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0815"
          },
          {
            "name": "107701",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107701"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-09T21:06:06",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0815"
        },
        {
          "name": "107701",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107701"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0815",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0815",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0815"
            },
            {
              "name": "107701",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107701"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0815",
    "datePublished": "2019-04-09T20:16:25",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:58:59.256Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0982
Vulnerability from cvelistv5
Published
2019-05-16 18:24
Modified
2024-08-04 18:06
Severity ?
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:06:31.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-16T18:24:57",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0982",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.1"
                          },
                          {
                            "version_value": "2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0982",
    "datePublished": "2019-05-16T18:24:57",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:06:31.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1161
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2024-08-04 06:25
Severity ?
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:25:01.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "16.0"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-21T22:53:28",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-1161",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.5",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-1161",
    "datePublished": "2020-05-21T22:53:28",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:25:01.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-8409
Vulnerability from cvelistv5
Published
2018-09-13 00:00
Modified
2024-08-05 06:54
Severity ?
Summary
A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.
Impacted products
Vendor Product Version
Microsoft .NET Core Version: 2.1
Microsoft ASP.NET Core Version: 2.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:54:36.419Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105223",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105223"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "System.IO.Pipelines",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "System.IO.Pipelines"
            }
          ]
        },
        {
          "product": ".NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            }
          ]
        },
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            }
          ]
        }
      ],
      "datePublic": "2018-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-13T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "105223",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105223"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8409",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "System.IO.Pipelines",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "System.IO.Pipelines"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": ".NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105223",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105223"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8409",
    "datePublished": "2018-09-13T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:54:36.419Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0548
Vulnerability from cvelistv5
Published
2019-01-08 21:00
Modified
2024-08-04 17:51
Severity ?
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:51:27.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106410",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106410"
          },
          {
            "name": "RHSA-2019:0040",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0040"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            }
          ]
        }
      ],
      "datePublic": "2019-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "106410",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106410"
        },
        {
          "name": "RHSA-2019:0040",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0040"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.1"
                          },
                          {
                            "version_value": "2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106410",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106410"
            },
            {
              "name": "RHSA-2019:0040",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0040"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0548",
    "datePublished": "2019-01-08T21:00:00",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:51:27.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-0602
Vulnerability from cvelistv5
Published
2020-01-14 23:11
Modified
2024-08-04 06:11
Severity ?
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:11:04.661Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"
          },
          {
            "name": "RHSA-2020:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0130"
          },
          {
            "name": "RHSA-2020:0134",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0134"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-16T19:06:08",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"
        },
        {
          "name": "RHSA-2020:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0130"
        },
        {
          "name": "RHSA-2020:0134",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0134"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-0602",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.1"
                          },
                          {
                            "version_value": "3.0"
                          },
                          {
                            "version_value": "3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"
            },
            {
              "name": "RHSA-2020:0130",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0130"
            },
            {
              "name": "RHSA-2020:0134",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0134"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-0602",
    "datePublished": "2020-01-14T23:11:20",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:11:04.661Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-8356
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:54
Severity ?
Summary
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
Impacted products
Vendor Product Version
Microsoft .NET Core Version: 1.0
Version: 1.1
Version: 2.0
Microsoft ASP.NET Core Version: 1.0
Version: 1.1
Version: 2.0
Microsoft .NET Framework Version: 4.7.2 Developer Pack
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:54:36.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
          },
          {
            "name": "104664",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104664"
          },
          {
            "name": "1041257",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041257"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft .NET Framework",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1607 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1703 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 8.1 for 32-bit systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows 8.1 for x64-based systems"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server 2012"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server 2012 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server 2012 R2"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server 2012 R2 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server 2016"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server 2016  (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server, version 1709  (Server Core Installation)"
            },
            {
              "status": "affected",
              "version": "3.5 on Windows Server, version 1803  (Server Core Installation)"
            },
            {
              "status": "affected",
              "version": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows 8.1 for 32-bit systems"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows 8.1 for x64-based systems"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows RT 8.1"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2012"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2012 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2012 R2"
            },
            {
              "status": "affected",
              "version": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
            },
            {
              "status": "affected",
              "version": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016  (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
            },
            {
              "status": "affected",
              "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "4.7.2 on Windows Server, version 1803  (Server Core Installation)"
            }
          ]
        },
        {
          "product": ".NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": ".NET Framework",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "4.7.2 Developer Pack"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka \".NET Framework Security Feature Bypass Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
        },
        {
          "name": "104664",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104664"
        },
        {
          "name": "1041257",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041257"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft .NET Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
                          },
                          {
                            "version_value": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
                          },
                          {
                            "version_value": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
                          },
                          {
                            "version_value": "3.5 on Windows 10 for 32-bit Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 for x64-based Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "3.5 on Windows 8.1 for 32-bit systems"
                          },
                          {
                            "version_value": "3.5 on Windows 8.1 for x64-based systems"
                          },
                          {
                            "version_value": "3.5 on Windows Server 2012"
                          },
                          {
                            "version_value": "3.5 on Windows Server 2012 (Server Core installation)"
                          },
                          {
                            "version_value": "3.5 on Windows Server 2012 R2"
                          },
                          {
                            "version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)"
                          },
                          {
                            "version_value": "3.5 on Windows Server 2016"
                          },
                          {
                            "version_value": "3.5 on Windows Server 2016  (Server Core installation)"
                          },
                          {
                            "version_value": "3.5 on Windows Server, version 1709  (Server Core Installation)"
                          },
                          {
                            "version_value": "3.5 on Windows Server, version 1803  (Server Core Installation)"
                          },
                          {
                            "version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
                          },
                          {
                            "version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
                          },
                          {
                            "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
                          },
                          {
                            "version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.5.2 on Windows 8.1 for 32-bit systems"
                          },
                          {
                            "version_value": "4.5.2 on Windows 8.1 for x64-based systems"
                          },
                          {
                            "version_value": "4.5.2 on Windows RT 8.1"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2012"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2012 (Server Core installation)"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2012 R2"
                          },
                          {
                            "version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
                          },
                          {
                            "version_value": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
                          },
                          {
                            "version_value": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
                          },
                          {
                            "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
                          },
                          {
                            "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
                          },
                          {
                            "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016  (Server Core installation)"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
                          },
                          {
                            "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
                          },
                          {
                            "version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "4.7.2 on Windows Server, version 1803  (Server Core Installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": ".NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0"
                          },
                          {
                            "version_value": "1.1"
                          },
                          {
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0"
                          },
                          {
                            "version_value": "1.1"
                          },
                          {
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": ".NET Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.7.2 Developer Pack"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka \".NET Framework Security Feature Bypass Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Feature Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
            },
            {
              "name": "104664",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104664"
            },
            {
              "name": "1041257",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041257"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8356",
    "datePublished": "2018-07-11T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:54:36.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1302
Vulnerability from cvelistv5
Published
2019-09-11 21:25
Modified
2024-08-04 18:13
Severity ?
Summary
An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:13:30.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            },
            {
              "status": "affected",
              "version": "3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka \u0027ASP.NET Core Elevation Of Privilege Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-11T21:25:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1302",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.1"
                          },
                          {
                            "version_value": "2.2"
                          },
                          {
                            "version_value": "3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka \u0027ASP.NET Core Elevation Of Privilege Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1302",
    "datePublished": "2019-09-11T21:25:01",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:13:30.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0564
Vulnerability from cvelistv5
Published
2019-01-08 21:00
Modified
2024-08-04 17:51
Severity ?
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:51:27.161Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564"
          },
          {
            "name": "106413",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106413"
          },
          {
            "name": "RHSA-2019:0040",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0040"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            }
          ]
        }
      ],
      "datePublic": "2019-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564"
        },
        {
          "name": "106413",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106413"
        },
        {
          "name": "RHSA-2019:0040",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0040"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0564",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564"
            },
            {
              "name": "106413",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106413"
            },
            {
              "name": "RHSA-2019:0040",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0040"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0564",
    "datePublished": "2019-01-08T21:00:00",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:51:27.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1075
Vulnerability from cvelistv5
Published
2019-07-15 18:56
Modified
2024-08-04 18:06
Severity ?
Summary
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:06:31.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka \u0027ASP.NET Core Spoofing Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-15T18:56:20",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1075",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.1"
                          },
                          {
                            "version_value": "2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka \u0027ASP.NET Core Spoofing Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1075",
    "datePublished": "2019-07-15T18:56:20",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:06:31.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-0603
Vulnerability from cvelistv5
Published
2020-01-14 23:11
Modified
2024-08-04 06:11
Severity ?
Summary
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:11:04.603Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
          },
          {
            "name": "RHSA-2020:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0130"
          },
          {
            "name": "RHSA-2020:0134",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0134"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-16T19:06:09",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
        },
        {
          "name": "RHSA-2020:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0130"
        },
        {
          "name": "RHSA-2020:0134",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0134"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-0603",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.1"
                          },
                          {
                            "version_value": "3.0"
                          },
                          {
                            "version_value": "3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
            },
            {
              "name": "RHSA-2020:0130",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0130"
            },
            {
              "name": "RHSA-2020:0134",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0134"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-0603",
    "datePublished": "2020-01-14T23:11:21",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:11:04.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-8171
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:46
Severity ?
Summary
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Impacted products
Vendor Product Version
Microsoft ASP.NET Core Version: 1.0
Version: 1.1
Version: 2.0
Microsoft ASP.NET MVC 5.2 Version: Microsoft Visual Studio 2013 Update 5
Version: Microsoft Visual Studio 2015 Update 3
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041267",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041267"
          },
          {
            "name": "104659",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104659"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
            },
            {
              "status": "affected",
              "version": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
            }
          ]
        },
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "ASP.NET MVC 5.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Visual Studio 2013 Update 5"
            },
            {
              "status": "affected",
              "version": "Microsoft Visual Studio 2015 Update 3"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1041267",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041267"
        },
        {
          "name": "104659",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104659"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
                          },
                          {
                            "version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0"
                          },
                          {
                            "version_value": "1.1"
                          },
                          {
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ASP.NET MVC 5.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Visual Studio 2013 Update 5"
                          },
                          {
                            "version_value": "Microsoft Visual Studio 2015 Update 3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Feature Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041267",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041267"
            },
            {
              "name": "104659",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104659"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8171",
    "datePublished": "2018-07-11T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:46:13.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-201711-0194
Vulnerability from variot

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". ASP.NET Core 1.0, 1.1 and 2.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Low: .NET Core security update Advisory ID: RHSA-2017:3248-01 Product: dotNET on RHEL Advisory URL: https://access.redhat.com/errata/RHSA-2017:3248 Issue date: 2017-11-20 CVE Names: CVE-2017-8585 CVE-2017-11770 =====================================================================

  1. Summary:

A security update for .NET Core on RHEL is now available.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7) - x86_64 dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3. (CVE-2017-11770)

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1512982 - CVE-2017-8585 dotNet: DDoS via invalid culture 1512992 - CVE-2017-11770 dotNET: DDos via bad certificate

  1. Package List:

dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm

x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm

x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm

dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm

x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2017-8585 https://access.redhat.com/security/cve/CVE-2017-11770 https://access.redhat.com/security/updates/classification/#low

https://github.com/dotnet/announcements/issues/34 https://github.com/dotnet/announcements/issues/44

https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFaEsB8XlSAg2UNWIIRAmOjAJ9wjYtfCUbtPpsnb6lS24iFpnlohwCfW3q7 qK6A1l+OTjiiqdhM/cGc8ZU= =DZ68 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0194",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "aspnetcore",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": "aspnetcore",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "aspnetcore",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "101710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010105"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11770"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010105"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Bachraty Gergely",
    "sources": [
      {
        "db": "BID",
        "id": "101710"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-11770",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-11770",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-11770",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-11770",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-11770",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-585",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010105"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11770"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\". \nASP.NET Core 1.0, 1.1 and 2.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Low: .NET Core security update\nAdvisory ID:       RHSA-2017:3248-01\nProduct:           dotNET on RHEL\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2017:3248\nIssue date:        2017-11-20\nCVE Names:         CVE-2017-8585 CVE-2017-11770 \n=====================================================================\n\n1. Summary:\n\nA security update for .NET Core on RHEL is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7) - x86_64\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNew versions of .NET Core that address several security vulnerabilities are\nnow available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3. (CVE-2017-11770)\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1512982 - CVE-2017-8585 dotNet: DDoS via invalid culture\n1512992 - CVE-2017-11770 dotNET: DDos via bad certificate\n\n6. Package List:\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-8585\nhttps://access.redhat.com/security/cve/CVE-2017-11770\nhttps://access.redhat.com/security/updates/classification/#low\n\nhttps://github.com/dotnet/announcements/issues/34\nhttps://github.com/dotnet/announcements/issues/44\n\nhttps://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md\nhttps://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md\nhttps://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaEsB8XlSAg2UNWIIRAmOjAJ9wjYtfCUbtPpsnb6lS24iFpnlohwCfW3q7\nqK6A1l+OTjiiqdhM/cGc8ZU=\n=DZ68\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-11770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010105"
      },
      {
        "db": "BID",
        "id": "101710"
      },
      {
        "db": "PACKETSTORM",
        "id": "145048"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-11770",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "101710",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1039787",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010105",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-585",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "145048",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "101710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010105"
      },
      {
        "db": "PACKETSTORM",
        "id": "145048"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11770"
      }
    ]
  },
  "id": "VAR-201711-0194",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T22:34:27.732000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2017-11770 | .NET CORE Denial Of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770"
      },
      {
        "title": "CVE-2017-11770 | .NET CORE Denial Of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-11770"
      },
      {
        "title": "Microsoft .NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76424"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010105"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-585"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010105"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11770"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11770"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2017:3248"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/101710"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1039787"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11770"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11770"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2017/at170044.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dotnet/announcements/issues/44"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dotnet/announcements/issues/34"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8585"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-8585"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-11770"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "101710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010105"
      },
      {
        "db": "PACKETSTORM",
        "id": "145048"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11770"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "101710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010105"
      },
      {
        "db": "PACKETSTORM",
        "id": "145048"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-585"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11770"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-14T00:00:00",
        "db": "BID",
        "id": "101710"
      },
      {
        "date": "2017-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010105"
      },
      {
        "date": "2017-11-20T22:22:00",
        "db": "PACKETSTORM",
        "id": "145048"
      },
      {
        "date": "2017-11-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-585"
      },
      {
        "date": "2017-11-15T03:29:00.247000",
        "db": "NVD",
        "id": "CVE-2017-11770"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-19T22:37:00",
        "db": "BID",
        "id": "101710"
      },
      {
        "date": "2017-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010105"
      },
      {
        "date": "2019-04-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-585"
      },
      {
        "date": "2024-11-21T03:08:28.373000",
        "db": "NVD",
        "id": "CVE-2017-11770"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-585"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010105"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-585"
      }
    ],
    "trust": 0.6
  }
}

var-202108-0999
Vulnerability from variot

ASP.NET Core and Visual Studio Information Disclosure Vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update Advisory ID: RHSA-2021:3143-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3143 Issue date: 2021-08-11 CVE Names: CVE-2021-26423 CVE-2021-34485 CVE-2021-34532 =====================================================================

  1. Summary:

An update for .NET Core 3.1 is now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18.

Security Fix(es):

  • dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423)

  • dotnet: Dump file created world-readable (CVE-2021-34485)

  • dotnet: ASP.NET Core JWT token logging (CVE-2021-34532)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1990286 - CVE-2021-34485 dotnet: Dump file created world-readable 1990295 - CVE-2021-26423 dotnet: ASP.NET Core WebSocket frame processing DoS 1990300 - CVE-2021-34532 dotnet: ASP.NET Core JWT token logging

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2021-26423 https://access.redhat.com/security/cve/CVE-2021-34485 https://access.redhat.com/security/cve/CVE-2021-34532 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYRQa8tzjgjWX9erEAQgZVg//eyD52RIjaXDx3Y8hIiT3Lol1bgP5prfh vgB+Y/IX75XF929mfsAP4QYJGQR9Q6OR511V7SewOqlGMO65S6yvlqVjvDCoesFc Am02/u2D3A8U7HiTYmAPqKNwzf7t8v2KbfZGMIAJQgYCEB4qjT2zvIt9B6TRAKo2 EdQa4XQsnmh4h3bMhkLrI3m8epxUD5Fk7RizA2F7pCwyL/EpiGzlD13nQWNB18gC Y8Csf5i+xPa66EakBo1fWb7u8oda1aoDcKSoDqinfd9t29yTNCAN4g2h1P/1TkDi nLpFRYf5fv7hoWUHmzg6Alp3eZw2GJVVvtMok2bba2TRYmw3MuXuxctaghupD8ph WDtluNCVniryl4SDkgFaSutcAwbyVlQo6M+ku5j1oy+nS26boGv0dIet9UHHkcAS /+tEiTw/atMuRLwkEQ90Y+CUQ9EkTW9X0haKTsvqbJ+/ZKiDdBYQlYxnrvzh5NEx L/a+QneLNviwEJsyFwozWePokB70J1sPPlU2TjtJI7X5hehvIg1U7rfIGSW7yAmB ji512gGjxX6p/k98O2+1DNJ9c8zf6CvHEt+A2KKaZHkJDV/J5aZeJzfmT3rSq+qu 6BQTTYOtPEI7m/u20I5zzeJ1MBE0gE31O+ng3trHf4HzN82T9AZKB0lthLiX4TKK 3V5TkyNr+k0= =JpAp -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202108-0999",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "visual studio 2019",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.10"
      },
      {
        "model": "asp.net core",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.1.17"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.1"
      },
      {
        "model": "asp.net core",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1.2"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "visual studio 2019",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.0"
      },
      {
        "model": "asp.net core",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "5.0.8"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "visual studio 2019",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "8.10"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019   16.10 (includes 16.0 - 16.9)"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019 for mac   8.10"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019   16.7 (includes 16.0 - 16.6)"
      },
      {
        "model": "asp.net core",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019   16.9 (includes 16.0 - 16.8)"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019   16.4 (includes 16.0 - 16.3)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002312"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34532"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163808"
      },
      {
        "db": "PACKETSTORM",
        "id": "163807"
      },
      {
        "db": "PACKETSTORM",
        "id": "163802"
      },
      {
        "db": "PACKETSTORM",
        "id": "163799"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2021-34532",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-34532",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-34532",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-34532",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-34532",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2021-34532",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-34532",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-849",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-34532",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002312"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-849"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34532"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34532"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core and Visual Studio Information Disclosure Vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: .NET Core 3.1 on RHEL 7 security and bugfix update\nAdvisory ID:       RHSA-2021:3143-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:3143\nIssue date:        2021-08-11\nCVE Names:         CVE-2021-26423 CVE-2021-34485 CVE-2021-34532 \n=====================================================================\n\n1. Summary:\n\nAn update for .NET Core 3.1 is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address security vulnerabilities are now\navailable. The updated versions are .NET SDK 3.1.118 and .NET Runtime\n3.1.18. \n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423)\n\n* dotnet: Dump file created world-readable (CVE-2021-34485)\n\n* dotnet: ASP.NET Core JWT token logging (CVE-2021-34532)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1990286 - CVE-2021-34485 dotnet: Dump file created world-readable\n1990295 - CVE-2021-26423 dotnet: ASP.NET Core WebSocket frame processing DoS\n1990300 - CVE-2021-34532 dotnet: ASP.NET Core JWT token logging\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.118-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.18-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.118-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.118-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26423\nhttps://access.redhat.com/security/cve/CVE-2021-34485\nhttps://access.redhat.com/security/cve/CVE-2021-34532\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYRQa8tzjgjWX9erEAQgZVg//eyD52RIjaXDx3Y8hIiT3Lol1bgP5prfh\nvgB+Y/IX75XF929mfsAP4QYJGQR9Q6OR511V7SewOqlGMO65S6yvlqVjvDCoesFc\nAm02/u2D3A8U7HiTYmAPqKNwzf7t8v2KbfZGMIAJQgYCEB4qjT2zvIt9B6TRAKo2\nEdQa4XQsnmh4h3bMhkLrI3m8epxUD5Fk7RizA2F7pCwyL/EpiGzlD13nQWNB18gC\nY8Csf5i+xPa66EakBo1fWb7u8oda1aoDcKSoDqinfd9t29yTNCAN4g2h1P/1TkDi\nnLpFRYf5fv7hoWUHmzg6Alp3eZw2GJVVvtMok2bba2TRYmw3MuXuxctaghupD8ph\nWDtluNCVniryl4SDkgFaSutcAwbyVlQo6M+ku5j1oy+nS26boGv0dIet9UHHkcAS\n/+tEiTw/atMuRLwkEQ90Y+CUQ9EkTW9X0haKTsvqbJ+/ZKiDdBYQlYxnrvzh5NEx\nL/a+QneLNviwEJsyFwozWePokB70J1sPPlU2TjtJI7X5hehvIg1U7rfIGSW7yAmB\nji512gGjxX6p/k98O2+1DNJ9c8zf6CvHEt+A2KKaZHkJDV/J5aZeJzfmT3rSq+qu\n6BQTTYOtPEI7m/u20I5zzeJ1MBE0gE31O+ng3trHf4HzN82T9AZKB0lthLiX4TKK\n3V5TkyNr+k0=\n=JpAp\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002312"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34532"
      },
      {
        "db": "PACKETSTORM",
        "id": "163808"
      },
      {
        "db": "PACKETSTORM",
        "id": "163807"
      },
      {
        "db": "PACKETSTORM",
        "id": "163802"
      },
      {
        "db": "PACKETSTORM",
        "id": "163799"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-34532",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002312",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "163799",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2729",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2753",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021081011",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021081229",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-849",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-34532",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163808",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163807",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163802",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002312"
      },
      {
        "db": "PACKETSTORM",
        "id": "163808"
      },
      {
        "db": "PACKETSTORM",
        "id": "163807"
      },
      {
        "db": "PACKETSTORM",
        "id": "163802"
      },
      {
        "db": "PACKETSTORM",
        "id": "163799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-849"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34532"
      }
    ]
  },
  "id": "VAR-202108-0999",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-08-14T13:18:07.504000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ASP.NET\u00a0Core\u00a0and\u00a0Visual\u00a0Studio\u00a0Information\u00a0Disclosure\u00a0Vulnerability Security Update Guide",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34532"
      },
      {
        "title": "Microsoft .NET Core  and Microsoft Visual Studio Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159244"
      },
      {
        "title": "Red Hat: CVE-2021-34532",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-34532"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-34532 log"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002312"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-849"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002312"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34532"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34532"
      },
      {
        "trust": 1.7,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-34532"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-34532"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20210811-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2021/at210034.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2729"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2753"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021081229"
      },
      {
        "trust": 0.6,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-34532"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-august-2021-36113"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/163799/red-hat-security-advisory-2021-3142-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021081011"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-26423"
      },
      {
        "trust": 0.4,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34485"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2021-34485"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26423"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3147"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3143"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3142"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002312"
      },
      {
        "db": "PACKETSTORM",
        "id": "163808"
      },
      {
        "db": "PACKETSTORM",
        "id": "163807"
      },
      {
        "db": "PACKETSTORM",
        "id": "163802"
      },
      {
        "db": "PACKETSTORM",
        "id": "163799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-849"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34532"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-34532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002312"
      },
      {
        "db": "PACKETSTORM",
        "id": "163808"
      },
      {
        "db": "PACKETSTORM",
        "id": "163807"
      },
      {
        "db": "PACKETSTORM",
        "id": "163802"
      },
      {
        "db": "PACKETSTORM",
        "id": "163799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-849"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-34532"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-34532"
      },
      {
        "date": "2021-08-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002312"
      },
      {
        "date": "2021-08-12T15:49:33",
        "db": "PACKETSTORM",
        "id": "163808"
      },
      {
        "date": "2021-08-12T15:49:21",
        "db": "PACKETSTORM",
        "id": "163807"
      },
      {
        "date": "2021-08-12T15:45:22",
        "db": "PACKETSTORM",
        "id": "163802"
      },
      {
        "date": "2021-08-12T15:43:32",
        "db": "PACKETSTORM",
        "id": "163799"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-849"
      },
      {
        "date": "2021-08-12T18:15:09.337000",
        "db": "NVD",
        "id": "CVE-2021-34532"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-34532"
      },
      {
        "date": "2021-08-26T03:11:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-002312"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-849"
      },
      {
        "date": "2023-12-28T20:15:49.673000",
        "db": "NVD",
        "id": "CVE-2021-34532"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-849"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET\u00a0Core\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Vulnerability to disclose information in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-002312"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-202112-1833
Vulnerability from variot

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability. The framework is used to build cloud-based applications such as web apps, IoT apps, and mobile backends. Visual Studio Code is an open source code editor

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202112-1833",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "visual studio 2019",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.7"
      },
      {
        "model": "visual studio 2019",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.9"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "visual studio 2019",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.11"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.1"
      },
      {
        "model": "visual studio 2022",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.0"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019   16.11 (includes 16.0 - 16.10)"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019   16.9 (includes 16.0 - 16.8)"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.0"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2019   16.7 (includes 16.0 - 16.6)"
      },
      {
        "model": "asp.net core",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-006050"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43877"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rami Abughazaleh",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1181"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-43877",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-43877",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-43877",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "secure@microsoft.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.0,
            "id": "CVE-2021-43877",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-43877",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-43877",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2021-43877",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-43877",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202112-1181",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-006050"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1181"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43877"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43877"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability. The framework is used to build cloud-based applications such as web apps, IoT apps, and mobile backends. Visual Studio Code is an open source code editor",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-43877"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-006050"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1181"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-43877",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-006050",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121451",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1181",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-006050"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1181"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43877"
      }
    ]
  },
  "id": "VAR-202112-1833",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T23:11:03.318000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ASP.NET\u00a0Core\u00a0and\u00a0Visual\u00a0Studio\u00a0Elevation\u00a0of\u00a0Privilege\u00a0Vulnerability Security Update Guide",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877"
      },
      {
        "title": "Microsoft Visual Studio Fixes for permissions and access control issues vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174413"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-006050"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1181"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-006050"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43877"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-43877"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43877"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20211215-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2021/at210051.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121451"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2021-43877"
      },
      {
        "trust": 0.6,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-43877"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-006050"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1181"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43877"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-006050"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1181"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43877"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-006050"
      },
      {
        "date": "2021-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-1181"
      },
      {
        "date": "2021-12-15T15:15:10.950000",
        "db": "NVD",
        "id": "CVE-2021-43877"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-24T07:35:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-006050"
      },
      {
        "date": "2022-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-1181"
      },
      {
        "date": "2024-11-21T06:29:58.677000",
        "db": "NVD",
        "id": "CVE-2021-43877"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1181"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET\u00a0Core\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Vulnerability to elevate privileges in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-006050"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-1181"
      }
    ],
    "trust": 0.6
  }
}

var-201711-0162
Vulnerability from variot

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0162",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37114"
      },
      {
        "db": "BID",
        "id": "101713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010210"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-512"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11879"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010210"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Kavin Chalet",
    "sources": [
      {
        "db": "BID",
        "id": "101713"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-512"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-11879",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-11879",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-37114",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-11879",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-11879",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-11879",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-37114",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-512",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37114"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010210"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-512"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11879"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. \nAn attacker can leverage this issue by constructing a crafted URI and  enticing a user to follow it. When an unsuspecting victim follows the  link, they may be redirected to an attacker-controlled site; this may  aid in phishing attacks. Other attacks are possible",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-11879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010210"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37114"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-512"
      },
      {
        "db": "BID",
        "id": "101713"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-11879",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "101713",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1039793",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010210",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37114",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-512",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37114"
      },
      {
        "db": "BID",
        "id": "101713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010210"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-512"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11879"
      }
    ]
  },
  "id": "VAR-201711-0162",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37114"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37114"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:40:11.243000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2017-11879 | ASP.NET Core Elevation Of Privilege Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879"
      },
      {
        "title": "CVE-2017-11879 | ASP.NET Core Elevation Of Privilege Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-11879"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability (CNVD-2017-37114)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/110491"
      },
      {
        "title": "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76353"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37114"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010210"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-512"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-601",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010210"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11879"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/101713"
      },
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11879"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11879"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1039793"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11879"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2017/at170044.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37114"
      },
      {
        "db": "BID",
        "id": "101713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010210"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-512"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11879"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37114"
      },
      {
        "db": "BID",
        "id": "101713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010210"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-512"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11879"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37114"
      },
      {
        "date": "2017-11-14T00:00:00",
        "db": "BID",
        "id": "101713"
      },
      {
        "date": "2017-12-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010210"
      },
      {
        "date": "2017-11-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-512"
      },
      {
        "date": "2017-11-15T03:29:01.827000",
        "db": "NVD",
        "id": "CVE-2017-11879"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37114"
      },
      {
        "date": "2017-12-19T22:00:00",
        "db": "BID",
        "id": "101713"
      },
      {
        "date": "2017-12-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010210"
      },
      {
        "date": "2017-11-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-512"
      },
      {
        "date": "2024-11-21T03:08:40.360000",
        "db": "NVD",
        "id": "CVE-2017-11879"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-512"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Login session information stealing vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010210"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-512"
      }
    ],
    "trust": 0.6
  }
}

var-202308-2021
Vulnerability from variot

.NET and Visual Studio Denial of Service Vulnerability. 9) - aarch64, ppc64le, s390x, x86_64

  1. ========================================================================== Ubuntu Security Notice USN-6278-2 August 10, 2023

dotnet6, dotnet7 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in .NET.

Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime

Details:

USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. (CVE-2023-35390)

Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-38178)

It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-38180)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.121-0ubuntu1~22.04.1 aspnetcore-runtime-7.0 7.0.110-0ubuntu1~22.04.1 dotnet-host 6.0.121-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.110-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.121-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.110-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.121-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.110-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.121-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.110-0ubuntu1~22.04.1 dotnet6 6.0.121-0ubuntu1~22.04.1 dotnet7 7.0.110-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes. 9) - aarch64, s390x, x86_64

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Important: rh-dotnet60-dotnet security, bug fix, and enhancement update Advisory ID: RHSA-2023:4641-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:4641 Issue date: 2023-08-14 CVE Names: CVE-2023-35390 CVE-2023-38180 =====================================================================

  1. Summary:

An update for rh-dotnet60-dotnet is now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21.

Security Fix(es):

  • dotnet: RCE under dotnet commands (CVE-2023-35390)

  • dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack 2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet60-dotnet-6.0.121-1.el7_9.src.rpm

x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.121-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet60-dotnet-6.0.121-1.el7_9.src.rpm

x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.121-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet60-dotnet-6.0.121-1.el7_9.src.rpm

x86_64: rh-dotnet60-aspnetcore-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-apphost-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-debuginfo-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-host-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-hostfxr-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm rh-dotnet60-dotnet-templates-6.0-6.0.121-1.el7_9.x86_64.rpm rh-dotnet60-netstandard-targeting-pack-2.1-6.0.121-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2023-35390 https://access.redhat.com/security/cve/CVE-2023-38180 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIcBAEBCAAGBQJk2ox4AAoJENzjgjWX9erEzm4P/j9KGuwQcPYINF/hHv894DBB jd4ssZNnb1cmEPcILEnWbjpj3Tye/4C1TFMP4Gwk8iYCks7XB3OhkUxoOnmH5AL+ yNSTTkFTDwHtPDVHnfxrEb5mBi5xPGowh3BTcxI5T1IcQD6Iq22PK4kul35oB1JA ONxq0IJAjGosZE097ZLzI5wDYriW7j4ztYpj7bb17PeB8hi+DM3+xFGsQF/bEzco cabRwo9sqeUc3g9UMs4BptqwIIFYBawimos9EHxnW+VWPrA/xxvdnMV3k9E9t/35 OiLuG8U6oxxE+s3AZkAABNPVLK0w8xdTCgSce0hrK90o/BuSPEMqEpDV/uyQ3YWT MflES8m3hUk2Dn54u0oIeugEy/19mNxGm59LSVEC6v/KpUz8dIaNmHQN+/m9vFKH CGCcqxBYhsv7V4Khm6KFL1TjJqx2PqVGBlIjzAOEl6N1f3ZYROYIWlbrh4F3u2yB 9hPXsGNqBak+Tjqtsxz/NmADsHU2vD99u3O5OUTzxEvt4QBUq9ccfRB8C4j47mcR Sd9y3aT9D/aYRfTFTUfdaLFr5acKBQzskH4eDmBWin0nJFNRCa71dq1kHbywTRqA 1UF98WUX3ERSEkqPb2uSpg0u7/OUD5VjYxFwH5yHk0KuSi/54G88bEUDR0OyK/zY /2tvafvaLc1Di9EP6HOd =uint -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2021",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4.10"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.2.18"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "38"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "37"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.2.0"
      },
      {
        "model": ".net",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6.6"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4.0"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.2"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.4"
      },
      {
        "model": ".net",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "asp.net core",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.6"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002799"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38180"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "174177"
      },
      {
        "db": "PACKETSTORM",
        "id": "174181"
      },
      {
        "db": "PACKETSTORM",
        "id": "174182"
      },
      {
        "db": "PACKETSTORM",
        "id": "174179"
      },
      {
        "db": "PACKETSTORM",
        "id": "174168"
      },
      {
        "db": "PACKETSTORM",
        "id": "174183"
      },
      {
        "db": "PACKETSTORM",
        "id": "174167"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2023-38180",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "secure@microsoft.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2023-38180",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2023-002799",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2023-38180",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2023-002799",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002799"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38180"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET and Visual Studio Denial of Service Vulnerability. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-6278-2\nAugust 10, 2023\n\ndotnet6, dotnet7 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in .NET. \n\nSoftware Description:\n- dotnet6: dotNET CLI tools and runtime\n- dotnet7: dotNET CLI tools and runtime\n\nDetails:\n\nUSN-6278-1 fixed several vulnerabilities in .NET. This update\nprovides the corresponding updates for Ubuntu 22.04 LTS. \n\nOriginal advisory details:\n\n   It was discovered that .NET did properly handle the execution of\n   certain commands. An attacker could possibly use this issue to\n   achieve remote code execution. (CVE-2023-35390)\n\n   Benoit Foucher discovered that .NET did not properly implement the\n   QUIC stream limit in HTTP/3. An attacker could possibly use this\n   issue to cause a denial of service. (CVE-2023-38178)\n\n   It was discovered that .NET did not properly handle the disconnection\n   of potentially malicious clients interfacing with a Kestrel server. An\n   attacker could possibly use this issue to cause a denial of service. \n   (CVE-2023-38180)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n    aspnetcore-runtime-6.0           6.0.121-0ubuntu1~22.04.1\n    aspnetcore-runtime-7.0           7.0.110-0ubuntu1~22.04.1\n    dotnet-host 6.0.121-0ubuntu1~22.04.1\n    dotnet-host-7.0                       7.0.110-0ubuntu1~22.04.1\n    dotnet-hostfxr-6.0                   6.0.121-0ubuntu1~22.04.1\n    dotnet-hostfxr-7.0                   7.0.110-0ubuntu1~22.04.1\n    dotnet-runtime-6.0                  6.0.121-0ubuntu1~22.04.1\n    dotnet-runtime-7.0                  7.0.110-0ubuntu1~22.04.1\n    dotnet-sdk-6.0                        6.0.121-0ubuntu1~22.04.1\n    dotnet-sdk-7.0                        7.0.110-0ubuntu1~22.04.1\n    dotnet6 6.0.121-0ubuntu1~22.04.1\n    dotnet7 7.0.110-0ubuntu1~22.04.1\n\nIn general, a standard system update will make all the necessary changes. 9) - aarch64, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: rh-dotnet60-dotnet security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2023:4641-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:4641\nIssue date:        2023-08-14\nCVE Names:         CVE-2023-35390 CVE-2023-38180 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-dotnet60-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 6.0.121 and .NET Runtime\n6.0.21. \n\nSecurity Fix(es):\n\n* dotnet: RCE under dotnet commands (CVE-2023-35390)\n\n* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of\nService attack (CVE-2023-38180)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack\n2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.121-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.121-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.121-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.121-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet60-dotnet-6.0.121-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet60-aspnetcore-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-apphost-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-debuginfo-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-host-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-hostfxr-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-runtime-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-targeting-pack-6.0-6.0.21-1.el7_9.x86_64.rpm\nrh-dotnet60-dotnet-templates-6.0-6.0.121-1.el7_9.x86_64.rpm\nrh-dotnet60-netstandard-targeting-pack-2.1-6.0.121-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2023-35390\nhttps://access.redhat.com/security/cve/CVE-2023-38180\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCAAGBQJk2ox4AAoJENzjgjWX9erEzm4P/j9KGuwQcPYINF/hHv894DBB\njd4ssZNnb1cmEPcILEnWbjpj3Tye/4C1TFMP4Gwk8iYCks7XB3OhkUxoOnmH5AL+\nyNSTTkFTDwHtPDVHnfxrEb5mBi5xPGowh3BTcxI5T1IcQD6Iq22PK4kul35oB1JA\nONxq0IJAjGosZE097ZLzI5wDYriW7j4ztYpj7bb17PeB8hi+DM3+xFGsQF/bEzco\ncabRwo9sqeUc3g9UMs4BptqwIIFYBawimos9EHxnW+VWPrA/xxvdnMV3k9E9t/35\nOiLuG8U6oxxE+s3AZkAABNPVLK0w8xdTCgSce0hrK90o/BuSPEMqEpDV/uyQ3YWT\nMflES8m3hUk2Dn54u0oIeugEy/19mNxGm59LSVEC6v/KpUz8dIaNmHQN+/m9vFKH\nCGCcqxBYhsv7V4Khm6KFL1TjJqx2PqVGBlIjzAOEl6N1f3ZYROYIWlbrh4F3u2yB\n9hPXsGNqBak+Tjqtsxz/NmADsHU2vD99u3O5OUTzxEvt4QBUq9ccfRB8C4j47mcR\nSd9y3aT9D/aYRfTFTUfdaLFr5acKBQzskH4eDmBWin0nJFNRCa71dq1kHbywTRqA\n1UF98WUX3ERSEkqPb2uSpg0u7/OUD5VjYxFwH5yHk0KuSi/54G88bEUDR0OyK/zY\n/2tvafvaLc1Di9EP6HOd\n=uint\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-38180"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002799"
      },
      {
        "db": "PACKETSTORM",
        "id": "174089"
      },
      {
        "db": "PACKETSTORM",
        "id": "174177"
      },
      {
        "db": "PACKETSTORM",
        "id": "174134"
      },
      {
        "db": "PACKETSTORM",
        "id": "174181"
      },
      {
        "db": "PACKETSTORM",
        "id": "174182"
      },
      {
        "db": "PACKETSTORM",
        "id": "174179"
      },
      {
        "db": "PACKETSTORM",
        "id": "174168"
      },
      {
        "db": "PACKETSTORM",
        "id": "174183"
      },
      {
        "db": "PACKETSTORM",
        "id": "174167"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-38180",
        "trust": 3.5
      },
      {
        "db": "JVN",
        "id": "JVNVU93250330",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-165-04",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002799",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "174089",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174177",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174134",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174181",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174182",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174179",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174168",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174183",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174167",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002799"
      },
      {
        "db": "PACKETSTORM",
        "id": "174089"
      },
      {
        "db": "PACKETSTORM",
        "id": "174177"
      },
      {
        "db": "PACKETSTORM",
        "id": "174134"
      },
      {
        "db": "PACKETSTORM",
        "id": "174181"
      },
      {
        "db": "PACKETSTORM",
        "id": "174182"
      },
      {
        "db": "PACKETSTORM",
        "id": "174179"
      },
      {
        "db": "PACKETSTORM",
        "id": "174168"
      },
      {
        "db": "PACKETSTORM",
        "id": "174183"
      },
      {
        "db": "PACKETSTORM",
        "id": "174167"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38180"
      }
    ]
  },
  "id": "VAR-202308-2021",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-29T21:46:46.306000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": ".NET\u00a0and\u00a0Visual\u00a0Studio\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
        "trust": 0.8,
        "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-38180"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002799"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002799"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38180"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38180"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cl2l4we5qrt7wexanyxsksu43apc5n2v/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nwvzfktlnmnkpz755emryia6ghfowgky/"
      },
      {
        "trust": 1.0,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-38180"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-35390"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93250330/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/security-alert/2023/0809-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2023/at230016.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-04"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2023-38180"
      },
      {
        "trust": 0.7,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2023-35390"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://ubuntu.com/security/notices/usn-6278-1"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-38178"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.110-0ubuntu1~23.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.121-0ubuntu1~23.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4642"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.121-0ubuntu1~22.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.110-0ubuntu1~22.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6278-2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4643"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4645"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4639"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4644"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4640"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:4641"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002799"
      },
      {
        "db": "PACKETSTORM",
        "id": "174089"
      },
      {
        "db": "PACKETSTORM",
        "id": "174177"
      },
      {
        "db": "PACKETSTORM",
        "id": "174134"
      },
      {
        "db": "PACKETSTORM",
        "id": "174181"
      },
      {
        "db": "PACKETSTORM",
        "id": "174182"
      },
      {
        "db": "PACKETSTORM",
        "id": "174179"
      },
      {
        "db": "PACKETSTORM",
        "id": "174168"
      },
      {
        "db": "PACKETSTORM",
        "id": "174183"
      },
      {
        "db": "PACKETSTORM",
        "id": "174167"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38180"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002799"
      },
      {
        "db": "PACKETSTORM",
        "id": "174089"
      },
      {
        "db": "PACKETSTORM",
        "id": "174177"
      },
      {
        "db": "PACKETSTORM",
        "id": "174134"
      },
      {
        "db": "PACKETSTORM",
        "id": "174181"
      },
      {
        "db": "PACKETSTORM",
        "id": "174182"
      },
      {
        "db": "PACKETSTORM",
        "id": "174179"
      },
      {
        "db": "PACKETSTORM",
        "id": "174168"
      },
      {
        "db": "PACKETSTORM",
        "id": "174183"
      },
      {
        "db": "PACKETSTORM",
        "id": "174167"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-38180"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-002799"
      },
      {
        "date": "2023-08-09T16:11:58",
        "db": "PACKETSTORM",
        "id": "174089"
      },
      {
        "date": "2023-08-15T15:16:45",
        "db": "PACKETSTORM",
        "id": "174177"
      },
      {
        "date": "2023-08-11T13:26:47",
        "db": "PACKETSTORM",
        "id": "174134"
      },
      {
        "date": "2023-08-15T15:18:45",
        "db": "PACKETSTORM",
        "id": "174181"
      },
      {
        "date": "2023-08-15T15:18:59",
        "db": "PACKETSTORM",
        "id": "174182"
      },
      {
        "date": "2023-08-15T15:17:34",
        "db": "PACKETSTORM",
        "id": "174179"
      },
      {
        "date": "2023-08-15T14:29:02",
        "db": "PACKETSTORM",
        "id": "174168"
      },
      {
        "date": "2023-08-15T15:19:13",
        "db": "PACKETSTORM",
        "id": "174183"
      },
      {
        "date": "2023-08-15T14:28:46",
        "db": "PACKETSTORM",
        "id": "174167"
      },
      {
        "date": "2023-08-08T19:15:10.367000",
        "db": "NVD",
        "id": "CVE-2023-38180"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-06-17T08:30:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-002799"
      },
      {
        "date": "2024-06-27T18:50:19.393000",
        "db": "NVD",
        "id": "CVE-2023-38180"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "174089"
      },
      {
        "db": "PACKETSTORM",
        "id": "174134"
      }
    ],
    "trust": 0.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Microsoft\u00a0 Service operation interruption in the product \u00a0(DoS)\u00a0 Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002799"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code execution",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "174089"
      },
      {
        "db": "PACKETSTORM",
        "id": "174134"
      }
    ],
    "trust": 0.2
  }
}

var-202402-1534
Vulnerability from variot

.NET Denial of Service Vulnerability. Microsoft's .NET and Microsoft Visual Studio includes denial of service (DoS) Vulnerability exists.Service operation interruption (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-6634-1 February 13, 2024

dotnet6, dotnet7, dotnet8 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.10
  • Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in .NET.

Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime - dotnet8: dotNET CLI tools and runtime

Details:

Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21386)

Bahaa Naamneh discovered that .NET with OpenSSL support did not properly parse X509 certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21404)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10: aspnetcore-runtime-6.0 6.0.127-0ubuntu1~23.10.1 aspnetcore-runtime-7.0 7.0.116-0ubuntu1~23.10.1 aspnetcore-runtime-8.0 8.0.2-0ubuntu1~23.10.1 dotnet-host 6.0.127-0ubuntu1~23.10.1 dotnet-host-7.0 7.0.116-0ubuntu1~23.10.1 dotnet-host-8.0 8.0.2-0ubuntu1~23.10.1 dotnet-hostfxr-6.0 6.0.127-0ubuntu1~23.10.1 dotnet-hostfxr-7.0 7.0.116-0ubuntu1~23.10.1 dotnet-hostfxr-8.0 8.0.2-0ubuntu1~23.10.1 dotnet-runtime-6.0 6.0.127-0ubuntu1~23.10.1 dotnet-runtime-7.0 7.0.116-0ubuntu1~23.10.1 dotnet-runtime-8.0 8.0.2-0ubuntu1~23.10.1 dotnet-sdk-6.0 6.0.127-0ubuntu1~23.10.1 dotnet-sdk-7.0 7.0.116-0ubuntu1~23.10.1 dotnet-sdk-8.0 8.0.102-0ubuntu1~23.10.1 dotnet6 6.0.127-0ubuntu1~23.10.1 dotnet7 7.0.116-0ubuntu1~23.10.1 dotnet8 8.0.102-8.0.2-0ubuntu1~23.10.1

Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.127-0ubuntu1~22.04.1 aspnetcore-runtime-7.0 7.0.116-0ubuntu1~22.04.1 aspnetcore-runtime-8.0 8.0.2-0ubuntu1~22.04.1 dotnet-host 6.0.127-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.116-0ubuntu1~22.04.1 dotnet-host-8.0 8.0.2-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.127-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.116-0ubuntu1~22.04.1 dotnet-hostfxr-8.0 8.0.2-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.127-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.116-0ubuntu1~22.04.1 dotnet-runtime-8.0 8.0.2-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.127-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.116-0ubuntu1~22.04.1 dotnet-sdk-8.0 8.0.102-0ubuntu1~22.04.1 dotnet6 6.0.127-0ubuntu1~22.04.1 dotnet7 7.0.116-0ubuntu1~22.04.1 dotnet8 8.0.102-8.0.2-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1552.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

  • Packet Storm Staff

==================================================================== Red Hat Security Advisory

Synopsis: Important: .NET 6.0 security update Advisory ID: RHSA-2024:1552-03 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2024:1552 Issue date: 2024-03-28 Revision: 03 CVE Names: CVE-2024-21404 ====================================================================

Summary:

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.127 and .NET Runtime 6.0.27.

Security Fix(es):

  • dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-21404

References:

https://access.redhat.com/security/updates/classification/#important https://bugzilla.redhat.com/show_bug.cgi?id=2263086

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202402-1534",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.0"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.16"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4.16"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.27"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.0"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "8.0.2"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.8.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6.12"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.8.7"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "8.0.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4.0"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.6"
      },
      {
        "model": ".net",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.4"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.8"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002845"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-21404"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "177926"
      },
      {
        "db": "PACKETSTORM",
        "id": "177925"
      },
      {
        "db": "PACKETSTORM",
        "id": "177834"
      },
      {
        "db": "PACKETSTORM",
        "id": "177833"
      },
      {
        "db": "PACKETSTORM",
        "id": "177831"
      },
      {
        "db": "PACKETSTORM",
        "id": "177830"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2024-21404",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "secure@microsoft.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2024-21404",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2024-002845",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2024-21404",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2024-002845",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002845"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-21404"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET Denial of Service Vulnerability. Microsoft\u0027s .NET and Microsoft Visual Studio includes denial of service (DoS) Vulnerability exists.Service operation interruption (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-6634-1\nFebruary 13, 2024\n\ndotnet6, dotnet7, dotnet8 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in .NET. \n\nSoftware Description:\n- dotnet6: dotNET CLI tools and runtime\n- dotnet7: dotNET CLI tools and runtime\n- dotnet8: dotNET CLI tools and runtime\n\nDetails:\n\nBrennan Conroy discovered that .NET with SignalR did not properly\nhandle malicious clients. An attacker could possibly use this issue\nto cause a denial of service. (CVE-2024-21386)\n\nBahaa Naamneh discovered that .NET with OpenSSL support did not\nproperly parse X509 certificates. An attacker could possibly use\nthis issue to cause a denial of service. (CVE-2024-21404)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n   aspnetcore-runtime-6.0          6.0.127-0ubuntu1~23.10.1\n   aspnetcore-runtime-7.0          7.0.116-0ubuntu1~23.10.1\n   aspnetcore-runtime-8.0          8.0.2-0ubuntu1~23.10.1\n   dotnet-host                     6.0.127-0ubuntu1~23.10.1\n   dotnet-host-7.0                 7.0.116-0ubuntu1~23.10.1\n   dotnet-host-8.0                 8.0.2-0ubuntu1~23.10.1\n   dotnet-hostfxr-6.0              6.0.127-0ubuntu1~23.10.1\n   dotnet-hostfxr-7.0              7.0.116-0ubuntu1~23.10.1\n   dotnet-hostfxr-8.0              8.0.2-0ubuntu1~23.10.1\n   dotnet-runtime-6.0              6.0.127-0ubuntu1~23.10.1\n   dotnet-runtime-7.0              7.0.116-0ubuntu1~23.10.1\n   dotnet-runtime-8.0              8.0.2-0ubuntu1~23.10.1\n   dotnet-sdk-6.0                  6.0.127-0ubuntu1~23.10.1\n   dotnet-sdk-7.0                  7.0.116-0ubuntu1~23.10.1\n   dotnet-sdk-8.0                  8.0.102-0ubuntu1~23.10.1\n   dotnet6                         6.0.127-0ubuntu1~23.10.1\n   dotnet7                         7.0.116-0ubuntu1~23.10.1\n   dotnet8                         8.0.102-8.0.2-0ubuntu1~23.10.1\n\nUbuntu 22.04 LTS:\n   aspnetcore-runtime-6.0          6.0.127-0ubuntu1~22.04.1\n   aspnetcore-runtime-7.0          7.0.116-0ubuntu1~22.04.1\n   aspnetcore-runtime-8.0          8.0.2-0ubuntu1~22.04.1\n   dotnet-host                     6.0.127-0ubuntu1~22.04.1\n   dotnet-host-7.0                 7.0.116-0ubuntu1~22.04.1\n   dotnet-host-8.0                 8.0.2-0ubuntu1~22.04.1\n   dotnet-hostfxr-6.0              6.0.127-0ubuntu1~22.04.1\n   dotnet-hostfxr-7.0              7.0.116-0ubuntu1~22.04.1\n   dotnet-hostfxr-8.0              8.0.2-0ubuntu1~22.04.1\n   dotnet-runtime-6.0              6.0.127-0ubuntu1~22.04.1\n   dotnet-runtime-7.0              7.0.116-0ubuntu1~22.04.1\n   dotnet-runtime-8.0              8.0.2-0ubuntu1~22.04.1\n   dotnet-sdk-6.0                  6.0.127-0ubuntu1~22.04.1\n   dotnet-sdk-7.0                  7.0.116-0ubuntu1~22.04.1\n   dotnet-sdk-8.0                  8.0.102-0ubuntu1~22.04.1\n   dotnet6                         6.0.127-0ubuntu1~22.04.1\n   dotnet7                         7.0.116-0ubuntu1~22.04.1\n   dotnet8                         8.0.102-8.0.2-0ubuntu1~22.04.1\n\nIn general, a standard system update will make all the necessary changes. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1552.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis:           Important: .NET 6.0 security update\nAdvisory ID:        RHSA-2024:1552-03\nProduct:            Red Hat Enterprise Linux\nAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1552\nIssue date:         2024-03-28\nRevision:           03\nCVE Names:          CVE-2024-21404\n====================================================================\n\nSummary: \n\nAn update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.127 and .NET Runtime 6.0.27. \n\nSecurity Fix(es):\n\n* dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\n\nSolution:\n\nhttps://access.redhat.com/articles/11258\n\n\n\nCVEs:\n\nCVE-2024-21404\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2263086\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-21404"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002845"
      },
      {
        "db": "VULMON",
        "id": "CVE-2024-21404"
      },
      {
        "db": "PACKETSTORM",
        "id": "177110"
      },
      {
        "db": "PACKETSTORM",
        "id": "177926"
      },
      {
        "db": "PACKETSTORM",
        "id": "177925"
      },
      {
        "db": "PACKETSTORM",
        "id": "177834"
      },
      {
        "db": "PACKETSTORM",
        "id": "177833"
      },
      {
        "db": "PACKETSTORM",
        "id": "177831"
      },
      {
        "db": "PACKETSTORM",
        "id": "177830"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-21404",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002845",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2024-21404",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177110",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177926",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177925",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177834",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177833",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177831",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177830",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2024-21404"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002845"
      },
      {
        "db": "PACKETSTORM",
        "id": "177110"
      },
      {
        "db": "PACKETSTORM",
        "id": "177926"
      },
      {
        "db": "PACKETSTORM",
        "id": "177925"
      },
      {
        "db": "PACKETSTORM",
        "id": "177834"
      },
      {
        "db": "PACKETSTORM",
        "id": "177833"
      },
      {
        "db": "PACKETSTORM",
        "id": "177831"
      },
      {
        "db": "PACKETSTORM",
        "id": "177830"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-21404"
      }
    ]
  },
  "id": "VAR-202402-1534",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-08-14T14:09:34.055000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": ".NET\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
        "trust": 0.8,
        "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21404"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2024-21404"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2024-21404"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002845"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002845"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-21404"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-21404"
      },
      {
        "trust": 1.1,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2024-21404"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/security-alert/2023/0214-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2024/at240006.html"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2024-21404"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6634-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet8/8.0.102-8.0.2-0ubuntu1~23.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.116-0ubuntu1~23.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-21386"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.127-0ubuntu1~22.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet8/8.0.102-8.0.2-0ubuntu1~22.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.116-0ubuntu1~22.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.127-0ubuntu1~23.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1643.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:1643"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1641.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:1641"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:1555"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1555.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:1554"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1554.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:1553"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1553.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:1552"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1552.json"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2024-21404"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002845"
      },
      {
        "db": "PACKETSTORM",
        "id": "177110"
      },
      {
        "db": "PACKETSTORM",
        "id": "177926"
      },
      {
        "db": "PACKETSTORM",
        "id": "177925"
      },
      {
        "db": "PACKETSTORM",
        "id": "177834"
      },
      {
        "db": "PACKETSTORM",
        "id": "177833"
      },
      {
        "db": "PACKETSTORM",
        "id": "177831"
      },
      {
        "db": "PACKETSTORM",
        "id": "177830"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-21404"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2024-21404"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002845"
      },
      {
        "db": "PACKETSTORM",
        "id": "177110"
      },
      {
        "db": "PACKETSTORM",
        "id": "177926"
      },
      {
        "db": "PACKETSTORM",
        "id": "177925"
      },
      {
        "db": "PACKETSTORM",
        "id": "177834"
      },
      {
        "db": "PACKETSTORM",
        "id": "177833"
      },
      {
        "db": "PACKETSTORM",
        "id": "177831"
      },
      {
        "db": "PACKETSTORM",
        "id": "177830"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-21404"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-02-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2024-21404"
      },
      {
        "date": "2024-02-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-002845"
      },
      {
        "date": "2024-02-14T15:06:51",
        "db": "PACKETSTORM",
        "id": "177110"
      },
      {
        "date": "2024-04-03T20:11:56",
        "db": "PACKETSTORM",
        "id": "177926"
      },
      {
        "date": "2024-04-03T19:59:49",
        "db": "PACKETSTORM",
        "id": "177925"
      },
      {
        "date": "2024-03-28T14:29:15",
        "db": "PACKETSTORM",
        "id": "177834"
      },
      {
        "date": "2024-03-28T14:29:07",
        "db": "PACKETSTORM",
        "id": "177833"
      },
      {
        "date": "2024-03-28T14:27:30",
        "db": "PACKETSTORM",
        "id": "177831"
      },
      {
        "date": "2024-03-28T14:27:23",
        "db": "PACKETSTORM",
        "id": "177830"
      },
      {
        "date": "2024-02-13T18:15:59.023000",
        "db": "NVD",
        "id": "CVE-2024-21404"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-02-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2024-21404"
      },
      {
        "date": "2024-02-27T02:01:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-002845"
      },
      {
        "date": "2024-05-29T00:15:33.610000",
        "db": "NVD",
        "id": "CVE-2024-21404"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft\u0027s \u00a0.NET\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Service operation interruption in \u00a0(DoS)\u00a0 Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002845"
      }
    ],
    "trust": 0.8
  }
}

var-201805-0649
Vulnerability from variot

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. Successful exploits will attackers to cause a denial of service condition

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0649",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "104060"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0765",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-0765",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-0765",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0765",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-0765",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201805-309",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka \".NET and .NET Core Denial of Service Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. \nSuccessful exploits will attackers to cause a denial of service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "BID",
        "id": "104060"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0765",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "104060",
        "trust": 1.3
      },
      {
        "db": "SECTRACK",
        "id": "1040851",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "39696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "id": "VAR-201805-0649",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T21:38:57.431000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-0765 | .NET and .NET Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765"
      },
      {
        "title": "CVE-2018-0765 | .NET \u304a\u3088\u3073 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2018-0765"
      },
      {
        "title": "Microsoft .NET Framework  and .NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79987"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-611",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0765"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/104060"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1040851"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0765"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180509-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180021.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0765"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/39696"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "104060"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-08T00:00:00",
        "db": "BID",
        "id": "104060"
      },
      {
        "date": "2018-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "date": "2018-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "date": "2018-05-09T19:29:00.323000",
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-08T00:00:00",
        "db": "BID",
        "id": "104060"
      },
      {
        "date": "2018-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      },
      {
        "date": "2018-05-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      },
      {
        "date": "2024-11-21T03:38:54.410000",
        "db": "NVD",
        "id": "CVE-2018-0765"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft .NET Framework and  .NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004255"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-309"
      }
    ],
    "trust": 0.6
  }
}

var-201711-0165
Vulnerability from variot

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from programs that do not properly handle web requests. ASP.NET Core 1.0, 1.1 and 2.0 are vulnerable

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0165",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "aspnetcore",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": "aspnetcore",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "aspnetcore",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "1.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37113"
      },
      {
        "db": "BID",
        "id": "101835"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010123"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-511"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11883"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010123"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "101835"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-511"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-11883",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-11883",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-37113",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-11883",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-11883",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-11883",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-37113",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-511",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010123"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-511"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11883"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka \".NET CORE Denial Of Service Vulnerability\". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from programs that do not properly handle web requests. \nASP.NET Core 1.0, 1.1 and 2.0 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-11883"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010123"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-511"
      },
      {
        "db": "BID",
        "id": "101835"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-11883",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "101835",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1039793",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010123",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37113",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-511",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37113"
      },
      {
        "db": "BID",
        "id": "101835"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010123"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-511"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11883"
      }
    ]
  },
  "id": "VAR-201711-0165",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37113"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37113"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:40:11.275000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2017-11883 | ASP.NET Core Denial Of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883"
      },
      {
        "title": "CVE-2017-11883 | ASP.NET Core Denial Of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-11883"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2017-37113)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/110493"
      },
      {
        "title": "Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76352"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010123"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-511"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-19",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010123"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11883"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/101835"
      },
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11883"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1039793"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11883"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11883"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2017/at170044.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37113"
      },
      {
        "db": "BID",
        "id": "101835"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010123"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-511"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11883"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37113"
      },
      {
        "db": "BID",
        "id": "101835"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010123"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-511"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-11883"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37113"
      },
      {
        "date": "2017-11-14T00:00:00",
        "db": "BID",
        "id": "101835"
      },
      {
        "date": "2017-12-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010123"
      },
      {
        "date": "2017-11-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-511"
      },
      {
        "date": "2017-11-15T03:29:01.953000",
        "db": "NVD",
        "id": "CVE-2017-11883"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37113"
      },
      {
        "date": "2017-12-19T22:00:00",
        "db": "BID",
        "id": "101835"
      },
      {
        "date": "2017-12-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010123"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-511"
      },
      {
        "date": "2024-11-21T03:08:40.770000",
        "db": "NVD",
        "id": "CVE-2017-11883"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-511"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010123"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-511"
      }
    ],
    "trust": 0.6
  }
}

var-202311-0474
Vulnerability from variot

ASP.NET Core - Security Feature Bypass Vulnerability. ========================================================================== Ubuntu Security Notice USN-6480-1 November 15, 2023

dotnet6, dotnet7, dotnet8 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.10
  • Ubuntu 23.04
  • Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in .NET.

Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime - dotnet8: dotNET CLI tools and runtime

Details:

Barry Dorrans discovered that .NET did not properly implement certain security features for Blazor server forms. An attacker could possibly use this issue to bypass validation, which could trigger unintended actions. (CVE-2023-36558)

Piotr Bazydlo discovered that .NET did not properly handle untrusted URIs provided to System.Net.WebRequest.Create. An attacker could possibly use this issue to inject arbitrary commands to backend FTP servers. (CVE-2023-36049)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10: aspnetcore-runtime-6.0 6.0.125-0ubuntu1~23.10.1 aspnetcore-runtime-7.0 7.0.114-0ubuntu1~23.10.1 aspnetcore-runtime-8.0 8.0.0-0ubuntu1~23.10.1 dotnet-host 6.0.125-0ubuntu1~23.10.1 dotnet-host-7.0 7.0.114-0ubuntu1~23.10.1 dotnet-host-8.0 8.0.0-0ubuntu1~23.10.1 dotnet-hostfxr-6.0 6.0.125-0ubuntu1~23.10.1 dotnet-hostfxr-7.0 7.0.114-0ubuntu1~23.10.1 dotnet-hostfxr-8.0 8.0.0-0ubuntu1~23.10.1 dotnet-runtime-6.0 6.0.125-0ubuntu1~23.10.1 dotnet-runtime-7.0 7.0.114-0ubuntu1~23.10.1 dotnet-runtime-8.0 8.0.0-0ubuntu1~23.10.1 dotnet-sdk-6.0 6.0.125-0ubuntu1~23.10.1 dotnet-sdk-7.0 7.0.114-0ubuntu1~23.10.1 dotnet-sdk-8.0 8.0.100-0ubuntu1~23.10.1 dotnet6 6.0.125-0ubuntu1~23.10.1 dotnet7 7.0.114-0ubuntu1~23.10.1 dotnet8 8.0.100-8.0.0-0ubuntu1~23.10.1

Ubuntu 23.04: aspnetcore-runtime-6.0 6.0.125-0ubuntu1~23.04.1 aspnetcore-runtime-7.0 7.0.114-0ubuntu1~23.04.1 dotnet-host 6.0.125-0ubuntu1~23.04.1 dotnet-host-7.0 7.0.114-0ubuntu1~23.04.1 dotnet-hostfxr-6.0 6.0.125-0ubuntu1~23.04.1 dotnet-hostfxr-7.0 7.0.114-0ubuntu1~23.04.1 dotnet-runtime-6.0 6.0.125-0ubuntu1~23.04.1 dotnet-runtime-7.0 7.0.114-0ubuntu1~23.04.1 dotnet-sdk-6.0 6.0.125-0ubuntu1~23.04.1 dotnet-sdk-7.0 7.0.114-0ubuntu1~23.04.1 dotnet6 6.0.125-0ubuntu1~23.04.1 dotnet7 7.0.114-0ubuntu1~23.04.1

Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.125-0ubuntu1~22.04.1 aspnetcore-runtime-7.0 7.0.114-0ubuntu1~22.04.1 dotnet-host 6.0.125-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.114-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.125-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.114-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.125-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.114-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.125-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.114-0ubuntu1~22.04.1 dotnet6 6.0.125-0ubuntu1~22.04.1 dotnet7 7.0.114-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References: https://ubuntu.com/security/notices/USN-6480-1 CVE-2023-36049, CVE-2023-36558

Package Information: https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.100-8.0.0-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~22.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~22.04.1

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202311-0474",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.14"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.14"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.2.22"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.7.7"
      },
      {
        "model": ".net",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4.14"
      },
      {
        "model": ".net",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "8.0.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.7"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6.10"
      },
      {
        "model": ".net",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.25"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "8.0.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.2"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.25"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6"
      },
      {
        "model": ".net",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.0"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.2"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.7"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.4"
      },
      {
        "model": ".net",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "asp.net core",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.6"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007579"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36558"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "175784"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2023-36558",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2023-36558",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "secure@microsoft.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.5,
            "id": "CVE-2023-36558",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-36558",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-36558",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2023-36558",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-36558",
            "trust": 0.8,
            "value": "Medium"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007579"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36558"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36558"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core - Security Feature Bypass Vulnerability. ==========================================================================\nUbuntu Security Notice USN-6480-1\nNovember 15, 2023\n\ndotnet6, dotnet7, dotnet8 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 23.04\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in .NET. \n\nSoftware Description:\n- dotnet6: dotNET CLI tools and runtime\n- dotnet7: dotNET CLI tools and runtime\n- dotnet8: dotNET CLI tools and runtime\n\nDetails:\n\nBarry Dorrans discovered that .NET did not properly implement certain\nsecurity features for Blazor server forms. An attacker could possibly\nuse this issue to bypass validation, which could trigger unintended\nactions. (CVE-2023-36558)\n\nPiotr Bazydlo discovered that .NET did not properly handle untrusted\nURIs provided to System.Net.WebRequest.Create. An attacker could possibly\nuse this issue to inject arbitrary commands to backend FTP servers. \n(CVE-2023-36049)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n   aspnetcore-runtime-6.0          6.0.125-0ubuntu1~23.10.1\n   aspnetcore-runtime-7.0          7.0.114-0ubuntu1~23.10.1\n   aspnetcore-runtime-8.0          8.0.0-0ubuntu1~23.10.1\n   dotnet-host                     6.0.125-0ubuntu1~23.10.1\n   dotnet-host-7.0                 7.0.114-0ubuntu1~23.10.1\n   dotnet-host-8.0                 8.0.0-0ubuntu1~23.10.1\n   dotnet-hostfxr-6.0              6.0.125-0ubuntu1~23.10.1\n   dotnet-hostfxr-7.0              7.0.114-0ubuntu1~23.10.1\n   dotnet-hostfxr-8.0              8.0.0-0ubuntu1~23.10.1\n   dotnet-runtime-6.0              6.0.125-0ubuntu1~23.10.1\n   dotnet-runtime-7.0              7.0.114-0ubuntu1~23.10.1\n   dotnet-runtime-8.0              8.0.0-0ubuntu1~23.10.1\n   dotnet-sdk-6.0                  6.0.125-0ubuntu1~23.10.1\n   dotnet-sdk-7.0                  7.0.114-0ubuntu1~23.10.1\n   dotnet-sdk-8.0                  8.0.100-0ubuntu1~23.10.1\n   dotnet6                         6.0.125-0ubuntu1~23.10.1\n   dotnet7                         7.0.114-0ubuntu1~23.10.1\n   dotnet8                         8.0.100-8.0.0-0ubuntu1~23.10.1\n\nUbuntu 23.04:\n   aspnetcore-runtime-6.0          6.0.125-0ubuntu1~23.04.1\n   aspnetcore-runtime-7.0          7.0.114-0ubuntu1~23.04.1\n   dotnet-host                     6.0.125-0ubuntu1~23.04.1\n   dotnet-host-7.0                 7.0.114-0ubuntu1~23.04.1\n   dotnet-hostfxr-6.0              6.0.125-0ubuntu1~23.04.1\n   dotnet-hostfxr-7.0              7.0.114-0ubuntu1~23.04.1\n   dotnet-runtime-6.0              6.0.125-0ubuntu1~23.04.1\n   dotnet-runtime-7.0              7.0.114-0ubuntu1~23.04.1\n   dotnet-sdk-6.0                  6.0.125-0ubuntu1~23.04.1\n   dotnet-sdk-7.0                  7.0.114-0ubuntu1~23.04.1\n   dotnet6                         6.0.125-0ubuntu1~23.04.1\n   dotnet7                         7.0.114-0ubuntu1~23.04.1\n\nUbuntu 22.04 LTS:\n   aspnetcore-runtime-6.0          6.0.125-0ubuntu1~22.04.1\n   aspnetcore-runtime-7.0          7.0.114-0ubuntu1~22.04.1\n   dotnet-host                     6.0.125-0ubuntu1~22.04.1\n   dotnet-host-7.0                 7.0.114-0ubuntu1~22.04.1\n   dotnet-hostfxr-6.0              6.0.125-0ubuntu1~22.04.1\n   dotnet-hostfxr-7.0              7.0.114-0ubuntu1~22.04.1\n   dotnet-runtime-6.0              6.0.125-0ubuntu1~22.04.1\n   dotnet-runtime-7.0              7.0.114-0ubuntu1~22.04.1\n   dotnet-sdk-6.0                  6.0.125-0ubuntu1~22.04.1\n   dotnet-sdk-7.0                  7.0.114-0ubuntu1~22.04.1\n   dotnet6                         6.0.125-0ubuntu1~22.04.1\n   dotnet7                         7.0.114-0ubuntu1~22.04.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n   https://ubuntu.com/security/notices/USN-6480-1\n   CVE-2023-36049, CVE-2023-36558\n\nPackage Information:\nhttps://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.10.1\nhttps://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.10.1\nhttps://launchpad.net/ubuntu/+source/dotnet8/8.0.100-8.0.0-0ubuntu1~23.10.1\nhttps://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.04.1\nhttps://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.04.1\nhttps://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~22.04.1\nhttps://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~22.04.1\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-36558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007579"
      },
      {
        "db": "PACKETSTORM",
        "id": "175784"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-36558",
        "trust": 2.7
      },
      {
        "db": "JVN",
        "id": "JVNVU93250330",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-165-04",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007579",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "175784",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007579"
      },
      {
        "db": "PACKETSTORM",
        "id": "175784"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36558"
      }
    ]
  },
  "id": "VAR-202311-0474",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-08-14T12:57:09.646000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ASP.NET\u00a0Core\u00a0-\u00a0Security\u00a0Feature\u00a0Bypass\u00a0Vulnerability Security Update Guide",
        "trust": 0.8,
        "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36558"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007579"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007579"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36558"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-36558"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36558"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93250330/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/security-alert/2023/1115-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2023/at230028.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-04"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet8/8.0.100-8.0.0-0ubuntu1~23.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~22.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~22.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36049"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6480-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.10.1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007579"
      },
      {
        "db": "PACKETSTORM",
        "id": "175784"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36558"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007579"
      },
      {
        "db": "PACKETSTORM",
        "id": "175784"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36558"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-007579"
      },
      {
        "date": "2023-11-16T14:52:25",
        "db": "PACKETSTORM",
        "id": "175784"
      },
      {
        "date": "2023-11-14T22:15:29.323000",
        "db": "NVD",
        "id": "CVE-2023-36558"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-06-17T08:22:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-007579"
      },
      {
        "date": "2023-11-21T20:01:19.307000",
        "db": "NVD",
        "id": "CVE-2023-36558"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft\u0027s multiple \u00a0Microsoft\u00a0 Vulnerabilities that bypass security features in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007579"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "arbitrary",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "175784"
      }
    ],
    "trust": 0.1
  }
}

var-201803-1708
Vulnerability from variot

.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability". Microsoft .NET is prone to a denial-of-service vulnerability. Successful exploits will attackers to cause performance to degrade resulting in a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Low: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:0522-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0522 Issue date: 2018-03-14 CVE Names: CVE-2018-0875 =====================================================================

  1. Summary:

Updates for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. It implements a subset of the .NET framework APIs and includes a CLR implementation.

These correspond to the March 2018 security release by .NET Core upstream projects.

Security Fix(es):

  • .NET Core: Hash Collision Denial of Service (CVE-2018-0875)

Red Hat would like to thank Ben Adams (Illyriad Games) for reporting this issue.

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm

x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm

x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet20-dotnet-2.0.6-1.el7.src.rpm

x86_64: rh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-0875 https://access.redhat.com/security/updates/classification/#low

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFaqUTsXlSAg2UNWIIRAuzUAKCDhqW/mE1ZwG1Bv9JVc2oVTo7cngCfUnVc slFh/sAwzwax82xICfw1G1M= =37s1 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1708",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "microsoft",
        "version": "6.0.0"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "103225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002560"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0875"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002560"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ben Adams of Illyriad Games",
    "sources": [
      {
        "db": "BID",
        "id": "103225"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0875",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-0875",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-0875",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0875",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-0875",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-522",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002560"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0875"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka \".NET Core Denial of Service Vulnerability\". Microsoft .NET is prone to a denial-of-service vulnerability. \nSuccessful exploits will attackers to cause performance to degrade resulting in a denial of service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Low: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID:       RHSA-2018:0522-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:0522\nIssue date:        2018-03-14\nCVE Names:         CVE-2018-0875 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and\nrh-dotnetcore11-dotnetcore are now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and includes a CLR implementation. \n\nThese correspond to the March 2018 security release by .NET Core upstream\nprojects. \n\nSecurity Fix(es):\n\n* .NET Core: Hash Collision Denial of Service (CVE-2018-0875)\n\nRed Hat would like to thank Ben Adams (Illyriad Games) for reporting this\nissue. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.10-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.7-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.6-1.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0875\nhttps://access.redhat.com/security/updates/classification/#low\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaqUTsXlSAg2UNWIIRAuzUAKCDhqW/mE1ZwG1Bv9JVc2oVTo7cngCfUnVc\nslFh/sAwzwax82xICfw1G1M=\n=37s1\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0875"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002560"
      },
      {
        "db": "BID",
        "id": "103225"
      },
      {
        "db": "PACKETSTORM",
        "id": "146768"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0875",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "103225",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1040505",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002560",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-522",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "146768",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "103225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002560"
      },
      {
        "db": "PACKETSTORM",
        "id": "146768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0875"
      }
    ]
  },
  "id": "VAR-201803-1708",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T22:41:53.763000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-0875 | .NET Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0875"
      },
      {
        "title": "CVE-2018-0875 | .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0875"
      },
      {
        "title": "Microsoft .NET Core  and PowerShell Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79171"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002560"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-522"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002560"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0875"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0875"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:0522"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1040505"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/103225"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0875"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0875"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180314-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180011.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/net/"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-0875"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "103225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002560"
      },
      {
        "db": "PACKETSTORM",
        "id": "146768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0875"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "103225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002560"
      },
      {
        "db": "PACKETSTORM",
        "id": "146768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-522"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0875"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-13T00:00:00",
        "db": "BID",
        "id": "103225"
      },
      {
        "date": "2018-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002560"
      },
      {
        "date": "2018-03-15T15:52:13",
        "db": "PACKETSTORM",
        "id": "146768"
      },
      {
        "date": "2018-03-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-522"
      },
      {
        "date": "2018-03-14T17:29:00.980000",
        "db": "NVD",
        "id": "CVE-2018-0875"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-13T00:00:00",
        "db": "BID",
        "id": "103225"
      },
      {
        "date": "2018-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002560"
      },
      {
        "date": "2020-10-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-522"
      },
      {
        "date": "2024-11-21T03:39:08.307000",
        "db": "NVD",
        "id": "CVE-2018-0875"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-522"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET Core and  PowerShell Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002560"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-522"
      }
    ],
    "trust": 0.6
  }
}

var-202009-0169
Vulnerability from variot

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.

The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.

The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.

. Both Microsoft .NET Core and Microsoft ASP.NET Core are products of Microsoft Corporation of the United States. .NET Core is a free open source development platform. The platform has features such as multi-language support and cross-platform. Microsoft ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to set a second cookie. The following products and versions are affected: ASP.NET Core 2.1 version, ASP.NET Core 3.1 version. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: .NET Core 3.1 security and bugfix update for Red Hat Enterprise Linux Advisory ID: RHSA-2020:3697-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3697 Issue date: 2020-09-08 CVE Names: CVE-2020-1045 ==================================================================== 1. Summary:

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet31-dotnet-3.1.108-1.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet31-dotnet-3.1.108-1.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet31-dotnet-3.1.108-1.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.108-1.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2020-1045 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBX1fMj9zjgjWX9erEAQh6wA/+NBE91/LaDoq9eYFxfrqVguYZ1Pmb0oBs B4B0pXCUloGDDFTLmFPyIXPwXt1oklGPJ7/UuA4A6Bn2pNNLCGCbP/sDRHOoqcoe NMWrC5z3f8eHU0A+OLZjCfUBHrkZl3FCgDqGW4h5un0TCfCA/x5RRq/3gp/QKYmq cIckR5jkQtw9HrAsUdhjNfnapqGOpryMj0BEy43p1sr3dWeR4vndaddjz7ghbddZ yt2igJzvQJzaY4f788dGqC07HzPL0ehEhqyvyyJtRK7Mg97q+rai5xyQuVS76y94 aogTKj8YI4r0FI0yhz5v+4Skr7osCSoodIucTEpYuB3i1A+ZLg+3hlSSogsryOUA jy46wqFivHPMggNXXKrE0usJNPZf3+7dpuSarNtm57SFKKCx18dAhWUkK0WjTYox aa9NEAT5+z7NSI8snTwVP7bVbTRGIZPZbWEzMcL4VGjo05iGm32UCj1tHJYUWEhS sZD7gSqAk/ieuRAYXAd9DStKFPmjf5lKe823L1Fjw6fIGHGXfjeAyhuvIArL1UJc K9IKEBrG9FoxXd/01jOrjvobbEeMbLnFo3mRSMd6n1/nBGNbp9cTbELzQzX13Vf8 /LNeD82fuk2reO7w430Zx0AJZH3kyjLB5zbtLtVwC8f2oOVYbGgJY4gcWTOgp5ej gKRtEISquJk=Nco9 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0169",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "model": "enterprise linux tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "model": "enterprise linux tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.6"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "enterprise linux aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.6"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "model": "enterprise linux tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.6"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.1.8"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.1"
      },
      {
        "model": "enterprise linux aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.2"
      },
      {
        "model": "enterprise linux aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.4"
      },
      {
        "model": "asp.net core",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1.21"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "3.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "3.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72702"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009287"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1045"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Matt Langlois of Github Security Team",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-369"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-1045",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-1045",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-72702",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-1045",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-1045",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-1045",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2020-1045",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-1045",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-72702",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202009-369",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-1045",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72702"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1045"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009287"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-369"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1045"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1045"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "\u003cp\u003eA security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.\u003c/p\u003e\n\u003cp\u003eThe ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.\u003c/p\u003e\n. Both Microsoft .NET Core and Microsoft ASP.NET Core are products of Microsoft Corporation of the United States. .NET Core is a free open source development platform. The platform has features such as multi-language support and cross-platform. Microsoft ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to set a second cookie. The following products and versions are affected: ASP.NET Core 2.1 version, ASP.NET Core 3.1 version. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: .NET Core 3.1 security and bugfix update for Red Hat Enterprise Linux\nAdvisory ID:       RHSA-2020:3697-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:3697\nIssue date:        2020-09-08\nCVE Names:         CVE-2020-1045\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.108-1.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.108-1.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.108-1.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.8-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.108-1.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.108-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1045\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX1fMj9zjgjWX9erEAQh6wA/+NBE91/LaDoq9eYFxfrqVguYZ1Pmb0oBs\nB4B0pXCUloGDDFTLmFPyIXPwXt1oklGPJ7/UuA4A6Bn2pNNLCGCbP/sDRHOoqcoe\nNMWrC5z3f8eHU0A+OLZjCfUBHrkZl3FCgDqGW4h5un0TCfCA/x5RRq/3gp/QKYmq\ncIckR5jkQtw9HrAsUdhjNfnapqGOpryMj0BEy43p1sr3dWeR4vndaddjz7ghbddZ\nyt2igJzvQJzaY4f788dGqC07HzPL0ehEhqyvyyJtRK7Mg97q+rai5xyQuVS76y94\naogTKj8YI4r0FI0yhz5v+4Skr7osCSoodIucTEpYuB3i1A+ZLg+3hlSSogsryOUA\njy46wqFivHPMggNXXKrE0usJNPZf3+7dpuSarNtm57SFKKCx18dAhWUkK0WjTYox\naa9NEAT5+z7NSI8snTwVP7bVbTRGIZPZbWEzMcL4VGjo05iGm32UCj1tHJYUWEhS\nsZD7gSqAk/ieuRAYXAd9DStKFPmjf5lKe823L1Fjw6fIGHGXfjeAyhuvIArL1UJc\nK9IKEBrG9FoxXd/01jOrjvobbEeMbLnFo3mRSMd6n1/nBGNbp9cTbELzQzX13Vf8\n/LNeD82fuk2reO7w430Zx0AJZH3kyjLB5zbtLtVwC8f2oOVYbGgJY4gcWTOgp5ej\ngKRtEISquJk=Nco9\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1045"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009287"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-72702"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-369"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1045"
      },
      {
        "db": "PACKETSTORM",
        "id": "159112"
      },
      {
        "db": "PACKETSTORM",
        "id": "159113"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-1045",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009287",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159113",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-72702",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "49612",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3075",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-369",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1045",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159112",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72702"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1045"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009287"
      },
      {
        "db": "PACKETSTORM",
        "id": "159112"
      },
      {
        "db": "PACKETSTORM",
        "id": "159113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-369"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1045"
      }
    ]
  },
  "id": "VAR-202009-0169",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72702"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72702"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:44:27.074000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2020-1045\u00a0|\u00a0Microsoft\u00a0ASP.NET\u00a0Core\u00a0Security\u00a0Feature\u00a0Bypass\u00a0Vulnerability Security Update Guide",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1045"
      },
      {
        "title": "Microsoft .NET Core and ASP.NET Core security feature bypass vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/242194"
      },
      {
        "title": "Microsoft .NET Core  and Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=127790"
      },
      {
        "title": "Red Hat: Important: .NET Core 3.1 security and bugfix update for Red Hat Enterprise Linux",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203697 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: .NET Core 3.1 security and bugfix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203699 - Security Advisory"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72702"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1045"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009287"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-369"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009287"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1045"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1045"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2020:3699"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1045"
      },
      {
        "trust": 1.6,
        "url": "https://security.snyk.io/vuln/snyk-rhel8-dotnet-1439600"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.8/3.1.8.md#changes-in-318"
      },
      {
        "trust": 1.2,
        "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2020-1045"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ln2fuvbsvpgk7au3nmlo3yr6cgonqpb/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/asicxqxs4m7mtaf6sgqmclca63dlcut3/"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20200909-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2020/at200036.html"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ln2fuvbsvpgk7au3nmlo3yr6cgonqpb/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/asicxqxs4m7mtaf6sgqmclca63dlcut3/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/49612"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-asp-net-core-privilege-escalation-33271"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159113/red-hat-security-advisory-2020-3699-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3075/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2020:3697"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1045"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187294"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72702"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1045"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009287"
      },
      {
        "db": "PACKETSTORM",
        "id": "159112"
      },
      {
        "db": "PACKETSTORM",
        "id": "159113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-369"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1045"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-72702"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1045"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009287"
      },
      {
        "db": "PACKETSTORM",
        "id": "159112"
      },
      {
        "db": "PACKETSTORM",
        "id": "159113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-369"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1045"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-72702"
      },
      {
        "date": "2020-09-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1045"
      },
      {
        "date": "2020-10-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-009287"
      },
      {
        "date": "2020-09-08T21:26:00",
        "db": "PACKETSTORM",
        "id": "159112"
      },
      {
        "date": "2020-09-08T21:26:09",
        "db": "PACKETSTORM",
        "id": "159113"
      },
      {
        "date": "2020-09-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202009-369"
      },
      {
        "date": "2020-09-11T17:15:18.307000",
        "db": "NVD",
        "id": "CVE-2020-1045"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-72702"
      },
      {
        "date": "2020-10-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1045"
      },
      {
        "date": "2020-10-27T07:09:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-009287"
      },
      {
        "date": "2022-11-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202009-369"
      },
      {
        "date": "2024-11-21T05:09:37.813000",
        "db": "NVD",
        "id": "CVE-2020-1045"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-369"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft\u00a0ASP.NET\u00a0Core\u00a0 Vulnerabilities that bypass security functions in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-009287"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-369"
      }
    ],
    "trust": 0.6
  }
}

var-201905-1185
Vulnerability from variot

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. This vulnerability CVE-2019-0820 and CVE-2019-0980 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Microsoft .NET Core and Microsoft ASP.NET Core are products of Microsoft Corporation of the United States. .NET Core is a free open source development platform. The platform has features such as multi-language support and cross-platform. Microsoft ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability originates from improper design or implementation during code development of a network system or product. The following products and versions are affected: Microsoft .NET Framework version 4.7.2, version 4.7.1, version 4.6.2, version 4.6.1, version 3.5.1, version 4.8, version 4.7, version 4.6, version 4.5.2, Version 3.5, 3.0 SP2, 2.0 SP2; .NET Core 2.2, 2.1, 1.1, 1.0. An attacker can exploit this issue to cause a denial of service condition.

Bug Fix(es):

  • dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)

  • -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2019:1236-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1236 Issue date: 2019-05-15 CVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 ==================================================================== 1. Summary:

Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now available for .NET Core on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

Security Fix(es):

  • dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)

  • dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)

  • dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)

  • Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)

  • Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)

  • Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)

  • Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1654863 - Re-enable bash completion in rh-dotnet22-dotnet 1678932 - Error rebuilding rh-dotnet22-curl in CentOS 1703479 - Broken apphost caused by unset DOTNET_ROOT 1703508 - Update to .NET Core 1.1.13 1704454 - Update to .NET Core 1.0.16 1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107 1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507 1705259 - Make bash completion compatible with rh-dotnet22 packages 1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service 1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service 1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm

x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm

x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm

x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0980 https://access.redhat.com/security/cve/CVE-2019-0981 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB hMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3 3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH kCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ pTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa UcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN NqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg z+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB n7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP DPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD /I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm KCZo5tPFVoU=dJ6F -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1185",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "4.8"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.2"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2.0 sp2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.1"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.2"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "2.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "BID",
        "id": "108207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nemanja Mijailovic,Red Hat",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-0981",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-0981",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-20377",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-0981",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-0981",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-0981",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-20377",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-395",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-0981",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. This vulnerability CVE-2019-0820 and CVE-2019-0980 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Both Microsoft .NET Core and Microsoft ASP.NET Core are products of Microsoft Corporation of the United States. .NET Core is a free open source development platform. The platform has features such as multi-language support and cross-platform. Microsoft ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability originates from improper design or implementation during code development of a network system or product. The following products and versions are affected: Microsoft .NET Framework version 4.7.2, version 4.7.1, version 4.6.2, version 4.6.1, version 3.5.1, version 4.8, version 4.7, version 4.6, version 4.5.2, Version 3.5, 3.0 SP2, 2.0 SP2; .NET Core 2.2, 2.1, 1.1, 1.0. \nAn attacker can exploit this issue to cause a denial of service condition. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID:       RHSA-2019:1236-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:1236\nIssue date:        2019-05-15\nCVE Names:         CVE-2019-0820 CVE-2019-0980 CVE-2019-0981\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now\navailable for .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)\n\n* dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0980)\n\n* dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of\nService (CVE-2019-0981)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)\n\n* Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)\n\n* Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)\n\n* Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1654863 - Re-enable bash completion in rh-dotnet22-dotnet\n1678932 - Error rebuilding rh-dotnet22-curl in CentOS\n1703479 - Broken apphost caused by unset DOTNET_ROOT\n1703508 - Update to .NET Core 1.1.13\n1704454 - Update to .NET Core 1.0.16\n1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107\n1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507\n1705259 - Make bash completion compatible with rh-dotnet22 packages\n1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service\n1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service\n1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-10.el7.src.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-10.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-10.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-7.el7.src.rpm\nrh-dotnet22-curl-7.61.1-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-7.el7.x86_64.rpm\nrh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-7.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0820\nhttps://access.redhat.com/security/cve/CVE-2019-0980\nhttps://access.redhat.com/security/cve/CVE-2019-0981\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXNyKvtzjgjWX9erEAQiFIQ//RuDdkjwFrjsW69TloyogPym1x5uZp2eB\nhMR1l6l3YTE5ZIeCz7nn86P7IYtLAOiYj5ynjNbGT7aHrM7/R4REedYYqCFxWuu3\n3N6vgg/ap1fB+0XdNX+PFNWm/orYRiVr6jyZs2hX4LSDLsQwHuOqVoDcApAHnggH\nkCRpaxlTEaG9/wyIY3Zvd7ZasxfVUfzhlpzpw25kq6OFJyIokWnVE8G+vs5KS3GQ\npTir+3hMc3as8RQVCnWNZoeUhSUemZHvq5MyQqwLCeMFf6CvUTe04oDrMp7FUJHa\nUcImbcSzzrx3kBvFFmIv6D1uCetuRTrMaXBuOlZcpCJUcnHncvb1OvFhqAeGO6uN\nNqNnDyRUbyX2cHKpyYTUIfZsCsgKIOBHZNU911URlqnvHAu0LlgAOM0r1uXU48Wg\nz+LtgnFTDbRmFEspKpN98z4whSL8BnMR8VS/FmPfXo2ApFvipofCK+kPStU0lXZB\nn7xn4PJyKfst8xUkRfwJ09/GpN328i7QtH53aQG0HCQzKRhxswnc86aQnPW95RWP\nDPd4EAB74Bq1pEYqRN/gai6bhFsoCS0agf+M7lqBN8ZnQOScj5HD5hy8fsPvB1xD\n/I5I1sIOJ+Ar0FaCfZqFoXKncap0cp/bBJlHvfCpze4yISy7h6t2E/4l59Zs1xhm\nKCZo5tPFVoU=dJ6F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "db": "BID",
        "id": "108207"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0981",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "108207",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "152999",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "152953",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1839",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1740",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "db": "BID",
        "id": "108207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "id": "VAR-201905-1185",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:59:52.602000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-0981 | .Net Framework and .Net Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981"
      },
      {
        "title": "CVE-2019-0981 | .NET Framework \u3068 .NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0981"
      },
      {
        "title": "Patch for Microsoft .NET Core and Microsoft ASP.NET Core Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/211629"
      },
      {
        "title": "Microsoft .NET Core  and Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92545"
      },
      {
        "title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191236 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: dotnet security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191259 - Security Advisory"
      },
      {
        "title": "sharpfuzz",
        "trust": 0.1,
        "url": "https://github.com/Metalnem/sharpfuzz "
      },
      {
        "title": "Symantec Threat Intelligence Blog",
        "trust": 0.1,
        "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981"
      },
      {
        "trust": 2.4,
        "url": "https://access.redhat.com/errata/rhsa-2019:1259"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/rhsa-2019:1236"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0981"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190023.html"
      },
      {
        "trust": 0.7,
        "url": "https://www.securityfocus.com/bid/108207"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/81042"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152953/red-hat-security-advisory-2019-1236-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1839/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296"
      },
      {
        "trust": 0.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820"
      },
      {
        "trust": 0.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0980"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0981"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-0820"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/19.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/metalnem/sharpfuzz"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108207"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0757"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "db": "BID",
        "id": "108207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "db": "BID",
        "id": "108207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "date": "2019-05-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "BID",
        "id": "108207"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "date": "2019-05-22T14:39:27",
        "db": "PACKETSTORM",
        "id": "152999"
      },
      {
        "date": "2019-05-16T23:05:23",
        "db": "PACKETSTORM",
        "id": "152953"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "date": "2019-05-16T19:29:05.020000",
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-20377"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0981"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "BID",
        "id": "108207"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      },
      {
        "date": "2019-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      },
      {
        "date": "2024-11-21T04:17:36.803000",
        "db": "NVD",
        "id": "CVE-2019-0981"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft  .NET Framework and  .NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003825"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-395"
      }
    ],
    "trust": 0.6
  }
}

var-202001-0122
Vulnerability from variot

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. "Denial of service (DoS) May be in a state. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from the software's incorrect handling of web requests. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2020:0134-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0134 Issue date: 2020-01-16 CVE Names: CVE-2020-0602 CVE-2020-0603 ==================================================================== 1. Summary:

An update for rh-dotnet30-dotnet and rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The updated versions are .NET Core SDK 3.0.102, .NET Core Runtime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1.

Security Fixes:

  • dotnet: Memory Corruption in SignalR (CVE-2020-0603)

  • dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602)

Users must rebuild their applications to pick up the fixes.

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1787151 - Update .NET Core 3.0 to Runtime 3.0.2 and SDK 3.0.102 1787174 - Update .NET Core 3.1 to Runtime 3.1.1 and SDK 3.1.101 1789623 - CVE-2020-0602 dotnet: Denial of service via backpressure issue 1789624 - CVE-2020-0603 dotnet: Memory Corruption in SignalR

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm

x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm

x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm

x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2020-0602 https://access.redhat.com/security/cve/CVE-2020-0603 https://access.redhat.com/security/updates/classification/#critical

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXiCQQ9zjgjWX9erEAQiA5g//U9AGfQhzgzrIja7zNdstcP61hqUbWM+j F2E4FpcJCJgjV3uDli4HsH6sIuzuKV5pVLhvNdbrAMSDJgOaWNJ+Otvmve0yPvY6 KjhAPMQnBjsJE5eUia6ZEIzhvjcHVwVbHQJrqIwLjvBrwHeo6fVWd/IHentdmM+3 FIh6uqClbh434gyq4Oi2MpTJ6G6z0+/siaA/tq4qubWJCtEWLfEXXhWsUL4ye59B edz+0qB0MYi2ZpgJtk0A8RRxtwcVN6KD+SnV2g25XjqwDNBhAfO3AlB1x0Mzo7HQ 2tcWLTpJPtYm8sZFZLOKAGm1hvTJhFnu4Vc5oL7b6paJYsU2Ud9URbakwiiiwzV+ XXLdMmvL63JVeP+cFWkqgI/UR8sdbaXrKFjJcnxNiUklPrrUIx3rq/E1yzCgqwMI M3RakcXDqCsaojoOAy/AMkPH1J2r8vyz08JTLC6Ik54m4Dz7/wGILwuVKXLuR1bM L6oLLZNrc5oxK4VM7Zb0IHaAeK/cOvxQWhglOPkDV4Got721TputjBeIEj8xiHc1 2s5zmndzaUfXm+PoqnFsfGggRErFLXaqwSpRWT2vn2MOXbrEbpPjmJs55tLXABhw 8DI+gmgFRHhE6A4yqvJMzaJGZCsCtUWWXowQEhiCNaymG9Kgx4BkRLNj2Mc15mOK EuYGFNW4Ux4\xadZz -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0122",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "microsoft",
        "version": "3.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "8.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "none"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "eus"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001114"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-471"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0602"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001114"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155977"
      },
      {
        "db": "PACKETSTORM",
        "id": "155981"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-471"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2020-0602",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-0602",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-16652",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-0602",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2020-0602",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-0602",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-0602",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-16652",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-471",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001114"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-471"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0602"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027. \"Denial of service (DoS) May be in a state. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from the software\u0027s incorrect handling of web requests. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID:       RHSA-2020:0134-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:0134\nIssue date:        2020-01-16\nCVE Names:         CVE-2020-0602 CVE-2020-0603\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet30-dotnet and rh-dotnet31-dotnet is now available\nfor .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. The updated versions are .NET Core SDK 3.0.102, .NET Core\nRuntime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1. \n\nSecurity Fixes:\n\n* dotnet: Memory Corruption in SignalR (CVE-2020-0603)\n\n* dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602)\n\nUsers must rebuild their applications to pick up the fixes. \n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1787151 - Update .NET Core 3.0 to Runtime 3.0.2 and SDK 3.0.102\n1787174 - Update .NET Core 3.1 to Runtime 3.1.1 and SDK 3.1.101\n1789623 - CVE-2020-0602 dotnet: Denial of service via backpressure issue\n1789624 - CVE-2020-0603 dotnet: Memory Corruption in SignalR\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet30-dotnet-3.0.102-3.el7.src.rpm\n\nx86_64:\nrh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.101-4.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet30-dotnet-3.0.102-3.el7.src.rpm\n\nx86_64:\nrh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.101-4.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet30-dotnet-3.0.102-3.el7.src.rpm\n\nx86_64:\nrh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.101-4.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-0602\nhttps://access.redhat.com/security/cve/CVE-2020-0603\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXiCQQ9zjgjWX9erEAQiA5g//U9AGfQhzgzrIja7zNdstcP61hqUbWM+j\nF2E4FpcJCJgjV3uDli4HsH6sIuzuKV5pVLhvNdbrAMSDJgOaWNJ+Otvmve0yPvY6\nKjhAPMQnBjsJE5eUia6ZEIzhvjcHVwVbHQJrqIwLjvBrwHeo6fVWd/IHentdmM+3\nFIh6uqClbh434gyq4Oi2MpTJ6G6z0+/siaA/tq4qubWJCtEWLfEXXhWsUL4ye59B\nedz+0qB0MYi2ZpgJtk0A8RRxtwcVN6KD+SnV2g25XjqwDNBhAfO3AlB1x0Mzo7HQ\n2tcWLTpJPtYm8sZFZLOKAGm1hvTJhFnu4Vc5oL7b6paJYsU2Ud9URbakwiiiwzV+\nXXLdMmvL63JVeP+cFWkqgI/UR8sdbaXrKFjJcnxNiUklPrrUIx3rq/E1yzCgqwMI\nM3RakcXDqCsaojoOAy/AMkPH1J2r8vyz08JTLC6Ik54m4Dz7/wGILwuVKXLuR1bM\nL6oLLZNrc5oxK4VM7Zb0IHaAeK/cOvxQWhglOPkDV4Got721TputjBeIEj8xiHc1\n2s5zmndzaUfXm+PoqnFsfGggRErFLXaqwSpRWT2vn2MOXbrEbpPjmJs55tLXABhw\n8DI+gmgFRHhE6A4yqvJMzaJGZCsCtUWWXowQEhiCNaymG9Kgx4BkRLNj2Mc15mOK\nEuYGFNW4Ux4\\xadZz\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-0602"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001114"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-16652"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-471"
      },
      {
        "db": "PACKETSTORM",
        "id": "155977"
      },
      {
        "db": "PACKETSTORM",
        "id": "155981"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-0602",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001114",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "155981",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-16652",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0186",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-471",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "155977",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001114"
      },
      {
        "db": "PACKETSTORM",
        "id": "155977"
      },
      {
        "db": "PACKETSTORM",
        "id": "155981"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-471"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0602"
      }
    ]
  },
  "id": "VAR-202001-0122",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16652"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16652"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:33:37.607000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "RHSA-2020:0130",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/RHSA-2020:0130"
      },
      {
        "title": "RHSA-2020:0134",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/RHSA-2020:0134"
      },
      {
        "title": "CVE-2020-0602 | ASP.NET Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"
      },
      {
        "title": "CVE-2020-0602 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0602"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2020-16652)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/208311"
      },
      {
        "title": "Microsoft ASP.NET Core Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108469"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001114"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-471"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-400",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001114"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0602"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://access.redhat.com/errata/rhsa-2020:0130"
      },
      {
        "trust": 2.3,
        "url": "https://access.redhat.com/errata/rhsa-2020:0134"
      },
      {
        "trust": 2.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0602"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0602"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0602"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2020/at200001.html"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-0602"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0186/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155981/red-hat-security-advisory-2020-0134-01.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-0603"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0603"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001114"
      },
      {
        "db": "PACKETSTORM",
        "id": "155977"
      },
      {
        "db": "PACKETSTORM",
        "id": "155981"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-471"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0602"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16652"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001114"
      },
      {
        "db": "PACKETSTORM",
        "id": "155977"
      },
      {
        "db": "PACKETSTORM",
        "id": "155981"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-471"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0602"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-16652"
      },
      {
        "date": "2020-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-001114"
      },
      {
        "date": "2020-01-16T16:43:31",
        "db": "PACKETSTORM",
        "id": "155977"
      },
      {
        "date": "2020-01-16T16:45:15",
        "db": "PACKETSTORM",
        "id": "155981"
      },
      {
        "date": "2020-01-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-471"
      },
      {
        "date": "2020-01-14T23:15:30.287000",
        "db": "NVD",
        "id": "CVE-2020-0602"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-16652"
      },
      {
        "date": "2020-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-001114"
      },
      {
        "date": "2020-01-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-471"
      },
      {
        "date": "2024-11-21T04:53:50.220000",
        "db": "NVD",
        "id": "CVE-2020-0602"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-471"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Denial of service in Japan  (DoS) Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001114"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-471"
      }
    ],
    "trust": 0.6
  }
}

var-201801-1126
Vulnerability from variot

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808. This vulnerability CVE-2018-0808 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could use this vulnerability to perform a content injection attack and execute a script in the current user's security context. An attacker can exploit this issue to gain elevated privileges

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1126",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "windows version for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "1017030"
      },
      {
        "model": "asp.net",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00899"
      },
      {
        "db": "BID",
        "id": "102377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-406"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0784"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001241"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "K\u00e9vin Chalet",
    "sources": [
      {
        "db": "BID",
        "id": "102377"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0784",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-0784",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-00899",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-0784",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0784",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-0784",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-00899",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201801-406",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00899"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-406"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0784"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0808. This vulnerability CVE-2018-0808 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could use this vulnerability to perform a content injection attack and execute a script in the current user\u0027s security context. \nAn attacker can exploit this issue to gain elevated privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0784"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001241"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00899"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-406"
      },
      {
        "db": "BID",
        "id": "102377"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0784",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "102377",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1040151",
        "trust": 2.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001241",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00899",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-406",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00899"
      },
      {
        "db": "BID",
        "id": "102377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-406"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0784"
      }
    ]
  },
  "id": "VAR-201801-1126",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00899"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00899"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:12:41.699000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-0784 | ASP.NET Core Elevation Of Privilege Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0784"
      },
      {
        "title": "CVE-2018-0784 | ASP.NET Core \u306e\u7279\u6a29\u306e\u6607\u683c\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0784"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability (CNVD-2018-00899)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/113385"
      },
      {
        "title": "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77661"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00899"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-406"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001241"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0784"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/102377"
      },
      {
        "trust": 2.2,
        "url": "http://www.securitytracker.com/id/1040151"
      },
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0784"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0784"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180002.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0784"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00899"
      },
      {
        "db": "BID",
        "id": "102377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-406"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0784"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00899"
      },
      {
        "db": "BID",
        "id": "102377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-406"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0784"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-00899"
      },
      {
        "date": "2018-01-09T00:00:00",
        "db": "BID",
        "id": "102377"
      },
      {
        "date": "2018-02-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001241"
      },
      {
        "date": "2018-01-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-406"
      },
      {
        "date": "2018-01-10T01:29:00.243000",
        "db": "NVD",
        "id": "CVE-2018-0784"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-00899"
      },
      {
        "date": "2018-01-09T00:00:00",
        "db": "BID",
        "id": "102377"
      },
      {
        "date": "2018-02-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001241"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-406"
      },
      {
        "date": "2024-11-21T03:38:56.513000",
        "db": "NVD",
        "id": "CVE-2018-0784"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-406"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Vulnerability in which privileges are elevated",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001241"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-406"
      }
    ],
    "trust": 0.6
  }
}

var-201904-0790
Vulnerability from variot

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0790",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "2.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13859"
      },
      {
        "db": "BID",
        "id": "107701"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002689"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0815"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002689"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Giorgi Dalakishvili of the Bank of Georgia",
    "sources": [
      {
        "db": "BID",
        "id": "107701"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-364"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-0815",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-0815",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-13859",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-0815",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-0815",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-0815",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-13859",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-364",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-0815",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13859"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002689"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-364"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0815"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002689"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13859"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-364"
      },
      {
        "db": "BID",
        "id": "107701"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0815"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0815",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "107701",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002689",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13859",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "43570",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-364",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0815",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13859"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0815"
      },
      {
        "db": "BID",
        "id": "107701"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002689"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-364"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0815"
      }
    ]
  },
  "id": "VAR-201904-0790",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13859"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13859"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:58:44.818000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-0815 | ASP.NET Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0815"
      },
      {
        "title": "CVE-2019-0815 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2019-0815"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2019-13859)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/160999"
      },
      {
        "title": "Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91193"
      },
      {
        "title": "Symantec Threat Intelligence Blog",
        "trust": 0.1,
        "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-april-2019"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13859"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002689"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-364"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002689"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0815"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://www.securityfocus.com/bid/107701"
      },
      {
        "trust": 2.0,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0815"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0815"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0815"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190410-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190015.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/43570"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/19.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/107701"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13859"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0815"
      },
      {
        "db": "BID",
        "id": "107701"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002689"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-364"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0815"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13859"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0815"
      },
      {
        "db": "BID",
        "id": "107701"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002689"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-364"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0815"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-13859"
      },
      {
        "date": "2019-04-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0815"
      },
      {
        "date": "2019-04-09T00:00:00",
        "db": "BID",
        "id": "107701"
      },
      {
        "date": "2019-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002689"
      },
      {
        "date": "2019-04-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-364"
      },
      {
        "date": "2019-04-09T21:29:01.270000",
        "db": "NVD",
        "id": "CVE-2019-0815"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-13859"
      },
      {
        "date": "2019-04-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0815"
      },
      {
        "date": "2019-04-09T00:00:00",
        "db": "BID",
        "id": "107701"
      },
      {
        "date": "2019-04-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002689"
      },
      {
        "date": "2019-07-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-364"
      },
      {
        "date": "2024-11-21T04:17:19.770000",
        "db": "NVD",
        "id": "CVE-2019-0815"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-364"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002689"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-364"
      }
    ],
    "trust": 0.6
  }
}

var-201901-1459
Vulnerability from variot

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564. This vulnerability CVE-2019-0564 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can exploit this issue to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2019:0040-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0040 Issue date: 2019-01-09 CVE Names: CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 =====================================================================

  1. Summary:

Updates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

.NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.5 and 2.2.1.

Security Fix(es):

  • .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure (CVE-2019-0545)

  • .NET Core: ANCM WebSocket DOS (CVE-2019-0548)

  • .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) (CVE-2019-0564)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For more information, please refer to the upstream docs in the References section.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure 1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) 1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm

x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm

x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm

x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-0545 https://access.redhat.com/security/cve/CVE-2019-0548 https://access.redhat.com/security/cve/CVE-2019-0564 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX 1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq DN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI DgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR ZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R tgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43 +Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV kLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3 L7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR +GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P Atkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc eGIiHj6xieM= =m5dC -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-1459",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "2.2"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "2.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16191"
      },
      {
        "db": "BID",
        "id": "106410"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-172"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0548"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001027"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "106410"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2019-0548",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-0548",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-16191",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-0548",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-0548",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-0548",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-16191",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-172",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16191"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-172"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0548"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564. This vulnerability CVE-2019-0564 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. \nAn attacker can exploit this issue to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID:       RHSA-2019:0040-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:0040\nIssue date:        2019-01-09\nCVE Names:         CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for\n.NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 2.1.5 and 2.2.1. \n\nSecurity Fix(es):\n\n* .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final\nresponse leads to info disclosure (CVE-2019-0545)\n\n* .NET Core: ANCM WebSocket DOS (CVE-2019-0548)\n\n* .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and\nASP.NET) (CVE-2019-0564)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream docs in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure\n1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)\n1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0545\nhttps://access.redhat.com/security/cve/CVE-2019-0548\nhttps://access.redhat.com/security/cve/CVE-2019-0564\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX\n1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq\nDN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI\nDgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR\nZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R\ntgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43\n+Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV\nkLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3\nL7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR\n+GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P\nAtkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc\neGIiHj6xieM=\n=m5dC\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0548"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001027"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-16191"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-172"
      },
      {
        "db": "BID",
        "id": "106410"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0548",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "106410",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001027",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-16191",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-172",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "151061",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16191"
      },
      {
        "db": "BID",
        "id": "106410"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001027"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-172"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0548"
      }
    ]
  },
  "id": "VAR-201901-1459",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16191"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16191"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:00:08.576000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-0548 | ASP.NET Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0548"
      },
      {
        "title": "CVE-2019-0548 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0548"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2019-16191)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/162591"
      },
      {
        "title": "Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88359"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16191"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-172"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001027"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0548"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/106410"
      },
      {
        "trust": 2.0,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0548"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2019:0040"
      },
      {
        "trust": 1.4,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0548"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0548"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190109-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0564"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0545"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0545"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0548"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0545"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0564"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0564"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16191"
      },
      {
        "db": "BID",
        "id": "106410"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001027"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-172"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0548"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16191"
      },
      {
        "db": "BID",
        "id": "106410"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001027"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-172"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0548"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-16191"
      },
      {
        "date": "2019-01-08T00:00:00",
        "db": "BID",
        "id": "106410"
      },
      {
        "date": "2019-01-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001027"
      },
      {
        "date": "2019-01-09T15:05:39",
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-172"
      },
      {
        "date": "2019-01-08T21:29:00.707000",
        "db": "NVD",
        "id": "CVE-2019-0548"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-16191"
      },
      {
        "date": "2019-01-08T00:00:00",
        "db": "BID",
        "id": "106410"
      },
      {
        "date": "2019-01-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001027"
      },
      {
        "date": "2019-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-172"
      },
      {
        "date": "2024-11-21T04:16:50.060000",
        "db": "NVD",
        "id": "CVE-2019-0548"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-172"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001027"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-172"
      }
    ],
    "trust": 0.6
  }
}

var-201807-1618
Vulnerability from variot

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


Title: Microsoft Security Update Releases Issued: July 19, 2018


Summary

The following CVEs have undergone a major revision increment:

  • CVE-2018-8202
  • CVE-2018-8260
  • CVE-2018-8284
  • CVE-2018-8356

Revision Information:

  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • Reason for Revision: To address a known issue in the security updates released on July 10, Microsoft is releasing Cumulative Update packages for all supported editions of Windows 10. These packages are available via Microsoft Update catalog, WSUS, or by manually searching Windows Update. Customers who are experiencing issues after installing the July Windows security updates should install the replacement packages as applicable. Please refer to the Affected Products table for the replacement package KB numbers. Customers who have successfully installed the security updates and who are not experiencing any issues do not need to take any action.
  • Originally posted: July 10, 2018
  • Updated: July 19, 2018
  • Aggregate CVE Severity Rating: Important
  • Version: 2.0

The following CVEs have undergone a major revision increment:

  • CVE-2018-0949
  • CVE-2018-8242
  • CVE-2018-8287
  • CVE-2018-8288
  • CVE-2018-8291
  • CVE-2018-8296

Revision Information:

  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • Reason for Revision: To address a known issue in the security updates released on July 10, Microsoft is releasing Cumulative Update packages for Windows 10, and Standalone and Preview Rollup packages for all other supported editions of Windows. These packages are available via Microsoft Update catalog, WSUS, or by manually searching Windows Update. Customers who are experiencing issues after installing the July Windows security updates should install the replacement packages as applicable. Note that the IE Cumulative updates are not affected. Please refer to the Affected Products table for the replacement package KB numbers. Customers who have successfully installed the security updates and who are not experiencing any issues do not need to take any action.
  • Originally posted: July 10, 2018
  • Updated: July 19, 2018
  • Aggregate CVE Severity Rating: Important
  • Version: 2.0

The following CVEs have undergone a major revision increment:

  • CVE-2018-8125 * CVE-2018-8279 * CVE-2018-8301
  • CVE-2018-8206 * CVE-2018-8280 * CVE-2018-8304
  • CVE-2018-8222 * CVE-2018-8282 * CVE-2018-8307
  • CVE-2018-8262 * CVE-2018-8286 * CVE-2018-8308
  • CVE-2018-8274 * CVE-2018-8289 * CVE-2018-8309
  • CVE-2018-8275 * CVE-2018-8290 * CVE-2018-8313
  • CVE-2018-8276 * CVE-2018-8294 * CVE-2018-8314
  • CVE-2018-8278 * CVE-2018-8297 * CVE-2018-8324 * CVE-2018-8325

Revision Information:

  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • Reason for Revision: To address a known issue in the security updates released on July 10, Microsoft is releasing Cumulative Update packages for Windows 10, and Standalone and Preview Rollup packages for all other supported editions of Windows. These packages are available via Microsoft Update catalog, WSUS, or by manually searching Windows Update. Customers who are experiencing issues after installing the July Windows security updates should install the replacement packages as applicable. Please refer to the Affected Products table for the replacement package KB numbers. Customers who have successfully installed the security updates and who are not experiencing any issues do not need to take any action.
  • Originally posted: July 10, 2018
  • Updated: July 19, 2018
  • Aggregate CVE Severity Rating: Critical
  • Version: 2.0

The following CVE has undergone a major revision increment:

  • CVE-2018-8356

Revision Information:

  • https://portal.msrc.microsoft.com/en-us/security-guidance
  • Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0 and PowerShell Core 6.1 because these products are affected by CVE-2018-9356. See https://github.com/PowerShell/Announcements/issues/6 for more information.
  • Originally posted: July 10, 2018
  • Updated: July 19, 2018
  • Aggregate CVE Severity Rating: Important
  • Version: 3.0

Other Information

Recognize and avoid fraudulent email to Microsoft customers:

If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/dn753714.


THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.


Microsoft respects your privacy. Please read our online Privacy Statement at http://go.microsoft.com/fwlink/?LinkId=81184.

If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033.

These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services.

For legal Information, see: http://www.microsoft.com/info/legalinfo/default.mspx.

This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAltRJ4QACgkQEEiO2re1 8uhBGRAAqV/EWkEhrEVrYfOPJe0fzDxFKVu8PespooUpb+/xYFKj0RvyGPBwWkK0 7lGixsk0HDH/VGRevfEPWBUMEDyPp7yudESs7K/Almv0X5Tq9EXa8xsoLOfWmUsF +8OjbFDlsgmJDnsOvrELRAul7bjJDvte3q0jB8QsDIhaMWDOkvKuFfB6M8KwLEJg BeKY/Mudn4BbDxxpMBq72kDCNy6WQar9igbZMS0xu2sDSuTLzqC7qfUg9jseqwhx 5uKJWSKrgCcJ73erJnZRvb1LAglhxD1NGoFdQP36EiIkccOB6kIYv33hpDNd6jf1 S0N8nJVYiUQVqg4ITBtQch5ws6fxXfTIUh7m+oQ4pxvLBbw5QLScub0/AV6ucSaD 9Ace1QwDaOJP+D8aA/+mdmTwr9SvLspNDOm9HkNu10ktRRDyu8PMPf3XGoCAQ1n9 XGtin526zCPy68yFG4BqzN2XSQfft97pwwgcG0KYRV3kB7tbswrtJWOOFbVXvLUl Yd9yvpMql7qfH6p+6f8hS+LG41EEDTqCVEaMT8HTSjld+W36AP2WqlWuSXG9YRBf yhulJ6nF3lbiG1h4pZkY5vrGjvFcfbN4YhSA+FepEolJAnWOtZBg9lswNSuIse3G lvBVHDiKdzpX3ey1qri1czIaC/r46OKW6YuAr4nzhoJKwdfpS34= =b7n1 -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-1618",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "3.5"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "3.5.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.5.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.6"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.6.2"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.7"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.7.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": ".net framework developer pack",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "4.7.2"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "6.1"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": ".net framework",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "3.0 sp2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework_developer_pack",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_framework",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      }
    ]
  },
  "cve": "CVE-2018-8356",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-8356",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-8356",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-8356",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-8356",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-831",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka \".NET Framework Security Feature Bypass Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n********************************************************************\nTitle: Microsoft Security Update Releases\nIssued: July 19, 2018\n********************************************************************\n\nSummary\n=======\n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-8202\n* CVE-2018-8260\n* CVE-2018-8284\n* CVE-2018-8356\n  \nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: To address a known issue in the security\n   updates released on July 10, Microsoft is releasing Cumulative\n   Update packages for all supported editions of Windows 10. These\n   packages are available via Microsoft Update catalog, WSUS, or by\n   manually searching Windows Update. Customers who are experiencing\n   issues after installing the July Windows security updates should\n   install the replacement packages as applicable. Please refer to the Affected Products table for the\n   replacement package KB numbers. Customers who have successfully\n   installed the security updates and who are not experiencing any\n   issues do not need to take any action. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Important\n - Version: 2.0\n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-0949\n* CVE-2018-8242\n* CVE-2018-8287\n* CVE-2018-8288\n* CVE-2018-8291\n* CVE-2018-8296\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: To address a known issue in the security\n   updates released on July 10, Microsoft is releasing Cumulative\n   Update packages for Windows 10, and Standalone and Preview Rollup\n   packages for all other supported editions of Windows. These packages\n   are available via Microsoft Update catalog, WSUS, or by manually\n   searching Windows Update. Customers who are experiencing issues\n   after installing the July Windows security updates should install\n   the replacement packages as applicable. Note that the IE Cumulative\n   updates are not affected. Please refer to the Affected Products\n   table for the replacement package KB numbers. Customers who have\n   successfully installed the security updates and who are not\n   experiencing any issues do not need to take any action. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Important\n - Version: 2.0\n\nThe following CVEs have undergone a major revision increment:\n\n* CVE-2018-8125\t* CVE-2018-8279\t* CVE-2018-8301\n* CVE-2018-8206\t* CVE-2018-8280\t* CVE-2018-8304\n* CVE-2018-8222\t* CVE-2018-8282\t* CVE-2018-8307\n* CVE-2018-8262\t* CVE-2018-8286\t* CVE-2018-8308\n* CVE-2018-8274\t* CVE-2018-8289\t* CVE-2018-8309\n* CVE-2018-8275\t* CVE-2018-8290\t* CVE-2018-8313\n* CVE-2018-8276\t* CVE-2018-8294\t* CVE-2018-8314\n* CVE-2018-8278\t* CVE-2018-8297\t* CVE-2018-8324\n\t\t\t\t* CVE-2018-8325\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: To address a known issue in the security\n   updates released on July 10, Microsoft is releasing Cumulative\n   Update packages for Windows 10, and Standalone and Preview Rollup\n   packages for all other supported editions of Windows. These\n   packages are available via Microsoft Update catalog, WSUS, or by\n   manually searching Windows Update. Customers who are experiencing\n   issues after installing the July Windows security updates should\n   install the replacement packages as applicable. Please refer to the\n   Affected Products table for the replacement package KB numbers. \n   Customers who have successfully installed the security updates and\n   who are not experiencing any issues do not need to take any action. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Critical\n - Version: 2.0\n\n The following CVE has undergone a major revision increment:\n\n* CVE-2018-8356\n\nRevision Information:\n=====================\n\n - https://portal.msrc.microsoft.com/en-us/security-guidance\n - Reason for Revision: Revised the Affected Products table to\n   include PowerShell Core 6.0 and PowerShell Core 6.1 because\n   these products are affected by CVE-2018-9356. See \n   https://github.com/PowerShell/Announcements/issues/6 for \n   more information. \n - Originally posted: July 10, 2018\n - Updated: July 19, 2018\n - Aggregate CVE Severity Rating: Important\n - Version: 3.0\n\nOther Information\n=================\n\nRecognize and avoid fraudulent email to Microsoft customers:\n=============================================================\nIf you receive an email message that claims to be distributing \na Microsoft security update, it is a hoax that may contain \nmalware or pointers to malicious websites. Microsoft does \nnot distribute security updates via email. \n\nThe Microsoft Security Response Center (MSRC) uses PGP to digitally \nsign all security notifications. However, PGP is not required for \nreading security notifications, reading security bulletins, or \ninstalling security updates. You can obtain the MSRC public PGP key\nat \u003chttps://technet.microsoft.com/security/dn753714\u003e. \n\n********************************************************************\nTHE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS\nPROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. MICROSOFT\nDISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING\nTHE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. \nIN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE\nLIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,\nINCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL\nDAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN\nADVISED OF THE POSSIBILITY OF SUCH DAMAGES. \nSOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY\nFOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING\nLIMITATION MAY NOT APPLY. \n********************************************************************\n\nMicrosoft respects your privacy. Please read our online Privacy\nStatement at \u003chttp://go.microsoft.com/fwlink/?LinkId=81184\u003e. \n\nIf you would prefer not to receive future technical security\nnotification alerts by email from Microsoft and its family of\ncompanies please visit the following website to unsubscribe:\n\u003chttps://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar\nd.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e\u0026%3blcid=1033\u003e. \n\nThese settings will not affect any newsletters youave requested or\nany mandatory service communications that are considered part of\ncertain Microsoft services. \n\nFor legal Information, see:\n\u003chttp://www.microsoft.com/info/legalinfo/default.mspx\u003e. \n\nThis newsletter was sent by:\nMicrosoft Corporation\n1 Microsoft Way\nRedmond, Washington, USA\n98052\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAltRJ4QACgkQEEiO2re1\n8uhBGRAAqV/EWkEhrEVrYfOPJe0fzDxFKVu8PespooUpb+/xYFKj0RvyGPBwWkK0\n7lGixsk0HDH/VGRevfEPWBUMEDyPp7yudESs7K/Almv0X5Tq9EXa8xsoLOfWmUsF\n+8OjbFDlsgmJDnsOvrELRAul7bjJDvte3q0jB8QsDIhaMWDOkvKuFfB6M8KwLEJg\nBeKY/Mudn4BbDxxpMBq72kDCNy6WQar9igbZMS0xu2sDSuTLzqC7qfUg9jseqwhx\n5uKJWSKrgCcJ73erJnZRvb1LAglhxD1NGoFdQP36EiIkccOB6kIYv33hpDNd6jf1\nS0N8nJVYiUQVqg4ITBtQch5ws6fxXfTIUh7m+oQ4pxvLBbw5QLScub0/AV6ucSaD\n9Ace1QwDaOJP+D8aA/+mdmTwr9SvLspNDOm9HkNu10ktRRDyu8PMPf3XGoCAQ1n9\nXGtin526zCPy68yFG4BqzN2XSQfft97pwwgcG0KYRV3kB7tbswrtJWOOFbVXvLUl\nYd9yvpMql7qfH6p+6f8hS+LG41EEDTqCVEaMT8HTSjld+W36AP2WqlWuSXG9YRBf\nyhulJ6nF3lbiG1h4pZkY5vrGjvFcfbN4YhSA+FepEolJAnWOtZBg9lswNSuIse3G\nlvBVHDiKdzpX3ey1qri1czIaC/r46OKW6YuAr4nzhoJKwdfpS34=\n=b7n1\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "BID",
        "id": 104664
      },
      {
        "db": "PACKETSTORM",
        "id": "148630"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-8356",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "104664",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1041257",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "148630",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": 104664
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "PACKETSTORM",
        "id": "148630"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "id": "VAR-201807-1618",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T21:52:57.468000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-8356 | .NET Framework Security Feature Bypass Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
      },
      {
        "title": "CVE-2018-8356 | .NET Framework \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8356"
      },
      {
        "title": "Microsoft .NET Framework Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81895"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8356"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1041257"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/104664"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8356"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8356"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180711-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180028.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/info/legalinfo/default.mspx\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://go.microsoft.com/fwlink/?linkid=81184\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8260"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8202"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/powershell/announcements/issues/6"
      },
      {
        "trust": 0.1,
        "url": "https://technet.microsoft.com/security/dn753714\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://profile.microsoft.com/regsysprofilecenter/subscriptionwizar"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8284"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "PACKETSTORM",
        "id": "148630"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": 104664
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "db": "PACKETSTORM",
        "id": "148630"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "date": "2018-07-20T08:22:22",
        "db": "PACKETSTORM",
        "id": "148630"
      },
      {
        "date": "2018-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "date": "2018-07-11T00:29:02.587000",
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      },
      {
        "date": "2022-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      },
      {
        "date": "2024-11-21T04:13:40.677000",
        "db": "NVD",
        "id": "CVE-2018-8356"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Microsoft Vulnerabilities that bypass security functions in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007178"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-831"
      }
    ],
    "trust": 0.6
  }
}

var-202311-1422
Vulnerability from variot

ASP.NET Core Denial of Service Vulnerability

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202311-1422",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.2.22"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.2"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "8.0.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.7.7"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.7"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6.10"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4.14"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.2"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.7"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.4"
      },
      {
        "model": ".net",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "asp.net core",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.6"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007400"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36038"
      }
    ]
  },
  "cve": "CVE-2023-36038",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2023-36038",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "secure@microsoft.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2023-36038",
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2023-36038",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-36038",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2023-36038",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-36038",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007400"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36038"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36038"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Denial of Service Vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-36038"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007400"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-36038",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU93250330",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-165-04",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007400",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007400"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36038"
      }
    ]
  },
  "id": "VAR-202311-1422",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-08-14T12:19:29.851000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ASP.NET\u00a0Core\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
        "trust": 0.8,
        "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36038"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007400"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-400",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007400"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36038"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-36038"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93250330/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36038"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/security-alert/2023/1115-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2023/at230028.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-04"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007400"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36038"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007400"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36038"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-007400"
      },
      {
        "date": "2023-11-14T22:15:28.733000",
        "db": "NVD",
        "id": "CVE-2023-36038"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-06-17T08:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-007400"
      },
      {
        "date": "2024-05-29T02:15:59.797000",
        "db": "NVD",
        "id": "CVE-2023-36038"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft\u0027s multiple \u00a0Microsoft\u00a0 product \u00a0 Service operation interruption in \u00a0(DoS)\u00a0 Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-007400"
      }
    ],
    "trust": 0.8
  }
}

var-201809-1040
Vulnerability from variot

A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1. The vendor System.IO.Pipelines As a "denial of service".Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft .NET Core is a free and open source development platform. The platform has features such as multi-language support and cross-platform. ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. System.IO.Pipelines is a library for performing high-performance IO in .NET. A remote attacker can use this vulnerability to cause a denial of service by submitting a specially crafted request to the application

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-1040",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 2.3,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.3,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "system.io.pipelines",
        "scope": null,
        "trust": 1.4,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1.4"
      },
      {
        "model": "system.io.pipelines",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "4.5.0"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1.4"
      },
      {
        "model": ".net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "system.io.pipelines",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "system.io.pipelines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "BID",
        "id": "105223"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:system.io.pipelines",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "105223"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2018-8409",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-8409",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-00352",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-8409",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-8409",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-8409",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-8409",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-00352",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-539",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1. The vendor System.IO.Pipelines As a \"denial of service\".Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft .NET Core is a free and open source development platform. The platform has features such as multi-language support and cross-platform. ASP.NET Core is a cross-platform open source framework. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. System.IO.Pipelines is a library for performing high-performance IO in .NET. A remote attacker can use this vulnerability to cause a denial of service by submitting a specially crafted request to the application",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "db": "BID",
        "id": "105223"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-8409",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "105223",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "BID",
        "id": "105223"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "id": "VAR-201809-1040",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      }
    ],
    "trust": 0.99586466
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:06:36.540000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-8409 | System.IO.Pipelines Denial of Service",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8409"
      },
      {
        "title": "CVE-2018-8409 | System.IO.Pipelines \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8409"
      },
      {
        "title": "Patch for Microsoft .NET Core, ASP.NET Core, and System.IO.Pipelines Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/148781"
      },
      {
        "title": "Microsoft .NET Core , ASP.NET Core  and System.IO.Pipelines Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84810"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/105223"
      },
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8409"
      },
      {
        "trust": 1.4,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8409"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180912-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180038.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8409"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "BID",
        "id": "105223"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "db": "BID",
        "id": "105223"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "date": "2018-09-11T00:00:00",
        "db": "BID",
        "id": "105223"
      },
      {
        "date": "2018-11-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "date": "2018-09-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "date": "2018-09-13T00:29:02.037000",
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-00352"
      },
      {
        "date": "2018-09-11T00:00:00",
        "db": "BID",
        "id": "105223"
      },
      {
        "date": "2018-11-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      },
      {
        "date": "2020-10-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      },
      {
        "date": "2024-11-21T04:13:46.097000",
        "db": "NVD",
        "id": "CVE-2018-8409"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Microsoft Service disruption in products  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009516"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-539"
      }
    ],
    "trust": 0.6
  }
}

var-201801-1127
Vulnerability from variot

ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. A remote attacker could use this vulnerability to change the recovery code on a user's account, causing a denial of service (permanent account lockout). An attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1127",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "1.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00898"
      },
      {
        "db": "BID",
        "id": "102379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-405"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0785"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001242"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "K\u00e9vin Chalet",
    "sources": [
      {
        "db": "BID",
        "id": "102379"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0785",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-0785",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2018-00898",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-0785",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0785",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-0785",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-00898",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201801-405",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00898"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-405"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0785"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka \"ASP.NET Core Cross Site Request Forgery Vulnerability\". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. A remote attacker could use this vulnerability to change the recovery code on a user\u0027s account, causing a denial of service (permanent account lockout). \nAn attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001242"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00898"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-405"
      },
      {
        "db": "BID",
        "id": "102379"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0785",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "102379",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1040151",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001242",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-00898",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "38604",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-405",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00898"
      },
      {
        "db": "BID",
        "id": "102379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-405"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0785"
      }
    ]
  },
  "id": "VAR-201801-1127",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00898"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00898"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:12:41.731000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-0785 | ASP.NET Core Cross Site Request Forgery Vulnerabilty",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0785"
      },
      {
        "title": "CVE-2018-0785 | ASP.NET Core \u306e\u30af\u30ed\u30b9 \u30b5\u30a4\u30c8 \u30ea\u30af\u30a8\u30b9\u30c8 \u30d5\u30a9\u30fc\u30b8\u30a7\u30ea\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0785"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Cross-Site Request Forgery Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/113387"
      },
      {
        "title": "Microsoft ASP.NET Core Fixes for cross-site request forgery vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77660"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00898"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-405"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001242"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0785"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0785"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/102379"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1040151"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0785"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180002.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0785"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/38604"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00898"
      },
      {
        "db": "BID",
        "id": "102379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-405"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0785"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00898"
      },
      {
        "db": "BID",
        "id": "102379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-405"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0785"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-00898"
      },
      {
        "date": "2018-01-09T00:00:00",
        "db": "BID",
        "id": "102379"
      },
      {
        "date": "2018-02-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001242"
      },
      {
        "date": "2018-01-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-405"
      },
      {
        "date": "2018-01-10T01:29:00.290000",
        "db": "NVD",
        "id": "CVE-2018-0785"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-00898"
      },
      {
        "date": "2018-01-09T00:00:00",
        "db": "BID",
        "id": "102379"
      },
      {
        "date": "2018-02-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001242"
      },
      {
        "date": "2018-01-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-405"
      },
      {
        "date": "2024-11-21T03:38:56.653000",
        "db": "NVD",
        "id": "CVE-2018-0785"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-405"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft ASP.NET Core Cross-Site Request Forgery Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-00898"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-405"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-405"
      }
    ],
    "trust": 0.6
  }
}

var-201807-2080
Vulnerability from variot

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2. Microsoft ASP.NET is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to make unlimited login requests. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-2080",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "asp.net mvc",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "microsoft",
        "version": "5.2"
      },
      {
        "model": "asp.net webpages",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "3.2.3"
      },
      {
        "model": "asp.net web pages",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "3.2.3"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "5.2"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "5.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-15445"
      },
      {
        "db": "BID",
        "id": "104659"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007985"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-881"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8171"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_model_view_controller",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_webpages",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007985"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Martin Knafve",
    "sources": [
      {
        "db": "BID",
        "id": "104659"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-8171",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-8171",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2018-15445",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-8171",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-8171",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-8171",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-15445",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-881",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-15445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007985"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-881"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8171"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2. Microsoft ASP.NET is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to make unlimited login requests. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8171"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007985"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-15445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-881"
      },
      {
        "db": "BID",
        "id": "104659"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-8171",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "104659",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1041267",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007985",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-15445",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-881",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-15445"
      },
      {
        "db": "BID",
        "id": "104659"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007985"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-881"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8171"
      }
    ]
  },
  "id": "VAR-201807-2080",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-15445"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-15445"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:56.868000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-8171 | ASP.NET Security Feature Bypass Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8171"
      },
      {
        "title": "CVE-2018-8171 | ASP.NET \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8171"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Security Bypass Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/137603"
      },
      {
        "title": "Microsoft ASP.NET Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81945"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-15445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007985"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-881"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007985"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8171"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8171"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/104659"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1041267"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8171"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180711-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180028.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8171"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/net/"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-15445"
      },
      {
        "db": "BID",
        "id": "104659"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007985"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-881"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8171"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-15445"
      },
      {
        "db": "BID",
        "id": "104659"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007985"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-881"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8171"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-15445"
      },
      {
        "date": "2018-07-10T00:00:00",
        "db": "BID",
        "id": "104659"
      },
      {
        "date": "2018-10-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007985"
      },
      {
        "date": "2018-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-881"
      },
      {
        "date": "2018-07-11T00:29:00.320000",
        "db": "NVD",
        "id": "CVE-2018-8171"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-15445"
      },
      {
        "date": "2018-07-10T00:00:00",
        "db": "BID",
        "id": "104659"
      },
      {
        "date": "2018-10-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007985"
      },
      {
        "date": "2021-07-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-881"
      },
      {
        "date": "2024-11-21T04:13:23.863000",
        "db": "NVD",
        "id": "CVE-2018-8171"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-881"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Vulnerabilities bypassing security functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007985"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-881"
      }
    ],
    "trust": 0.6
  }
}

var-201810-1125
Vulnerability from variot

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. An attacker can exploit this issue to obtain sensitive information. Successful exploits will lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:2902-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2902 Issue date: 2018-10-09 CVE Names: CVE-2018-8292 =====================================================================

  1. Summary:

Updates for rh-dotnetcore11-dotnetcore, and rh-dotnetcore10-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

These versions correspond to the October 2018 security release by .NET Core upstream projects.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm

x86_64: rh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm

x86_64: rh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-8292 https://access.redhat.com/security/updates/classification/#moderate https://github.com/dotnet/announcements/issues/88

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBW71EydzjgjWX9erEAQhK3Q/8DwPo83R6HBwUmO2gO56n0ci7BOOZ1HfH VYRSvXSPaBf8fbFSaZN5+OJhPBJfnCiEIgO8cSuMYf3zWebkIONZnkzB55BJqD0N Z7wS2R4bI6Mw33K9ET2WhoUF7JiZDU+Spu7T2TW9roAms7U7IJBXMi52N3pAS3yQ gzvB8Fuci3xsGqyIYMgt0SmqnlkqbZmR35Yq7e3yxMzAlY/lp7tfQ/ZxIHfxDKh3 NrT8nKj58i0WGlOKxlWsTDadHwrCe9YoZVn8FRJJdCDE+tjW6KNmXKOy08qPfp3n LuikowCnqyQh6CoKJ91q47zsq7j8hisj0z7CgMLxO2Y4Gk9hSni5ynlxlDUYWDrB f9mi4LlnBp1Dwjnv7IJee9SXR4M7fIuwbexhBv8OGzijwXvHZkfZ5aceTAqrBYIb INZNaHwGQIgwkHkanz3N6pPbrfXTvOfcIWmrctyYfI05RsW4FRXm1dh2tF7y1uK7 FgWNvDxAAZqYhk2SBYPtUfQNkNktkLZ0M76QEXcgCrYr5OTTCM92pxZjLPmbYx2Y +1Kl+cSvk3nschXLbuXjGtWiuBrJXtdDW8ytt2bC5lyxylo8mYSl7G5V0eDifMKs sdHtMLM5S+4xrAQ4avNEFgqz4h78s6mY4Dq9fXkZUbYXLFLbaIb/foGUnnWJ5/az 9K+HIBmUA6I= =+FXG -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-1125",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105548"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010455"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-492"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8292"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010455"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "105548"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-8292",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-8292",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-8292",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-8292",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-8292",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-492",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-8292",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-8292"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010455"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-492"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8292"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka \".NET Core Information Disclosure Vulnerability.\" This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. \nAn attacker can exploit this issue to obtain sensitive information. Successful exploits will lead to other  attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID:       RHSA-2018:2902-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:2902\nIssue date:        2018-10-09\nCVE Names:         CVE-2018-8292 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnetcore11-dotnetcore, and rh-dotnetcore10-dotnetcore are\nnow available for .NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nThese versions correspond to the October 2018 security release by .NET Core\nupstream projects. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.13-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.13-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.10-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.10-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-8292\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://github.com/dotnet/announcements/issues/88\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW71EydzjgjWX9erEAQhK3Q/8DwPo83R6HBwUmO2gO56n0ci7BOOZ1HfH\nVYRSvXSPaBf8fbFSaZN5+OJhPBJfnCiEIgO8cSuMYf3zWebkIONZnkzB55BJqD0N\nZ7wS2R4bI6Mw33K9ET2WhoUF7JiZDU+Spu7T2TW9roAms7U7IJBXMi52N3pAS3yQ\ngzvB8Fuci3xsGqyIYMgt0SmqnlkqbZmR35Yq7e3yxMzAlY/lp7tfQ/ZxIHfxDKh3\nNrT8nKj58i0WGlOKxlWsTDadHwrCe9YoZVn8FRJJdCDE+tjW6KNmXKOy08qPfp3n\nLuikowCnqyQh6CoKJ91q47zsq7j8hisj0z7CgMLxO2Y4Gk9hSni5ynlxlDUYWDrB\nf9mi4LlnBp1Dwjnv7IJee9SXR4M7fIuwbexhBv8OGzijwXvHZkfZ5aceTAqrBYIb\nINZNaHwGQIgwkHkanz3N6pPbrfXTvOfcIWmrctyYfI05RsW4FRXm1dh2tF7y1uK7\nFgWNvDxAAZqYhk2SBYPtUfQNkNktkLZ0M76QEXcgCrYr5OTTCM92pxZjLPmbYx2Y\n+1Kl+cSvk3nschXLbuXjGtWiuBrJXtdDW8ytt2bC5lyxylo8mYSl7G5V0eDifMKs\nsdHtMLM5S+4xrAQ4avNEFgqz4h78s6mY4Dq9fXkZUbYXLFLbaIb/foGUnnWJ5/az\n9K+HIBmUA6I=\n=+FXG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8292"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010455"
      },
      {
        "db": "BID",
        "id": "105548"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8292"
      },
      {
        "db": "PACKETSTORM",
        "id": "149745"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-8292",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "105548",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010455",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-492",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-8292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149745",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-8292"
      },
      {
        "db": "BID",
        "id": "105548"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010455"
      },
      {
        "db": "PACKETSTORM",
        "id": "149745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-492"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8292"
      }
    ]
  },
  "id": "VAR-201810-1125",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T22:12:18.450000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-8292 | .NET Core Information Disclosure Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8292"
      },
      {
        "title": "CVE-2018-8292 | .NET Core \u306e\u60c5\u5831\u6f0f\u3048\u3044\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8292"
      },
      {
        "title": "Microsoft .NET Core  and PowerShell Core Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85661"
      },
      {
        "title": "Red Hat: Moderate: .NET Core on Red Hat Enterprise Linux security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182902 - Security Advisory"
      },
      {
        "title": "Red Hat: CVE-2018-8292",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-8292"
      },
      {
        "title": "TrivyDepsFalsePositive",
        "trust": 0.1,
        "url": "https://github.com/StasJS/TrivyDepsFalsePositive "
      },
      {
        "title": "OssIndexClient",
        "trust": 0.1,
        "url": "https://github.com/SimonCropp/OssIndexClient "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-8292"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010455"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-492"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010455"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8292"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8292"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2018:2902"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/105548"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8292"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8292"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20181010-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180041.html"
      },
      {
        "trust": 0.4,
        "url": "https://github.com/dotnet/announcements/issues/88"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/stasjs/trivydepsfalsepositive"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/simoncropp/ossindexclient"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/105548"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-8292"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-8292"
      },
      {
        "db": "BID",
        "id": "105548"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010455"
      },
      {
        "db": "PACKETSTORM",
        "id": "149745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-492"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8292"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2018-8292"
      },
      {
        "db": "BID",
        "id": "105548"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010455"
      },
      {
        "db": "PACKETSTORM",
        "id": "149745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-492"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8292"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-8292"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "BID",
        "id": "105548"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010455"
      },
      {
        "date": "2018-10-10T17:38:30",
        "db": "PACKETSTORM",
        "id": "149745"
      },
      {
        "date": "2018-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-492"
      },
      {
        "date": "2018-10-10T13:29:01.213000",
        "db": "NVD",
        "id": "CVE-2018-8292"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-8292"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "BID",
        "id": "105548"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010455"
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-492"
      },
      {
        "date": "2024-11-21T04:13:33.930000",
        "db": "NVD",
        "id": "CVE-2018-8292"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-492"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft NET Core and  PowerShell Core Vulnerability in which information is disclosed",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010455"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-492"
      }
    ],
    "trust": 0.6
  }
}

var-201909-0498
Vulnerability from variot

An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. The vendor ASP.NET Core As a privilege escalation vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Microsoft ASP.NET Core version 2.1, 2.2, and 3.0 have an input validation error vulnerability. An attacker could use this vulnerability to run a script in the security context of the current user

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0498",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "2.2"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-483"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1302"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009186"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ian Routledge (@ediblecode)",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-483"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-1302",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-1302",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-1302",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-1302",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-1302",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-1302",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201909-483",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-483"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1302"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka \u0027ASP.NET Core Elevation Of Privilege Vulnerability\u0027. The vendor ASP.NET Core As a privilege escalation vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. \nMicrosoft ASP.NET Core version 2.1, 2.2, and 3.0 have an input validation error vulnerability. An attacker could use this vulnerability to run a script in the security context of the current user",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-1302"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-483"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-1302",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009186",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-483",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-483"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1302"
      }
    ]
  },
  "id": "VAR-201909-0498",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T22:25:47.264000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-1302 | ASP.NET Core Elevation Of Privilege Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1302"
      },
      {
        "title": "CVE-2019-1302 | ASP.NET Core \u306e\u7279\u6a29\u306e\u6607\u683c\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-1302"
      },
      {
        "title": "Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98071"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-483"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009186"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1302"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1302"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1302"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1302"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190911-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2019/at190036.html"
      },
      {
        "trust": 0.6,
        "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-1302"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-net-core-vulnerabilities-of-september-2019-30306"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-483"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1302"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-483"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1302"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009186"
      },
      {
        "date": "2019-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-483"
      },
      {
        "date": "2019-09-11T22:15:19.087000",
        "db": "NVD",
        "id": "CVE-2019-1302"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009186"
      },
      {
        "date": "2019-09-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-483"
      },
      {
        "date": "2024-11-21T04:36:26.117000",
        "db": "NVD",
        "id": "CVE-2019-1302"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Vulnerability in which privileges are elevated",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009186"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-483"
      }
    ],
    "trust": 0.6
  }
}

var-201803-1622
Vulnerability from variot

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". The vendor ASP.NET Core As a privilege escalation vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to implement HTML injection attacks to gain elevated permissions. An attacker can exploit this issue to gain elevated privileges

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1622",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06777"
      },
      {
        "db": "BID",
        "id": "103282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002558"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0787"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002558"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mikhail Shcherbakov",
    "sources": [
      {
        "db": "BID",
        "id": "103282"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0787",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-0787",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-06777",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-0787",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0787",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-0787",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-06777",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-534",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002558"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0787"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". The vendor ASP.NET Core As a privilege escalation vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to implement HTML injection attacks to gain elevated permissions. \nAn attacker can exploit this issue to gain elevated privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002558"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06777"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-534"
      },
      {
        "db": "BID",
        "id": "103282"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0787",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "103282",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1040525",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002558",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06777",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "39065",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-534",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06777"
      },
      {
        "db": "BID",
        "id": "103282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002558"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0787"
      }
    ]
  },
  "id": "VAR-201803-1622",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06777"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06777"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:22:11.611000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-0787 | ASP.NET Core Elevation of Privilege Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787"
      },
      {
        "title": "CVE-2018-0787 | ASP.NET Core \u306e\u7279\u6a29\u306e\u6607\u683c\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0787"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Remote Elevation of Privilege Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/124357"
      },
      {
        "title": "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79183"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002558"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-534"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-640",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002558"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0787"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0787"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0787"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/103282"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1040525"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/aspnet/announcements/issues/295"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0787"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180314-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180011.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/39065"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06777"
      },
      {
        "db": "BID",
        "id": "103282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002558"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0787"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06777"
      },
      {
        "db": "BID",
        "id": "103282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002558"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-534"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0787"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06777"
      },
      {
        "date": "2018-03-13T00:00:00",
        "db": "BID",
        "id": "103282"
      },
      {
        "date": "2018-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002558"
      },
      {
        "date": "2018-03-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-534"
      },
      {
        "date": "2018-03-14T17:29:00.370000",
        "db": "NVD",
        "id": "CVE-2018-0787"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06777"
      },
      {
        "date": "2018-03-13T00:00:00",
        "db": "BID",
        "id": "103282"
      },
      {
        "date": "2018-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002558"
      },
      {
        "date": "2018-03-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-534"
      },
      {
        "date": "2024-11-21T03:38:56.940000",
        "db": "NVD",
        "id": "CVE-2018-0787"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-534"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Vulnerability in which privileges are elevated",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002558"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-534"
      }
    ],
    "trust": 0.6
  }
}

var-201905-1186
Vulnerability from variot

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. An attacker can exploit this issue to cause a denial of service condition

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1186",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "2.2"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "2.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "BID",
        "id": "108208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft.",
    "sources": [
      {
        "db": "BID",
        "id": "108208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-0982",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-0982",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-20378",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-0982",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-0982",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-0982",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-20378",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-393",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-0982",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. \nAn attacker can exploit this issue to cause a denial of service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "db": "BID",
        "id": "108208"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0982",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "108208",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "db": "BID",
        "id": "108208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "id": "VAR-201905-1186",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:21:36.874000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-0982 | ASP.NET Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982"
      },
      {
        "title": "CVE-2019-0982 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0982"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2020-20378)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/211635"
      },
      {
        "title": "Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92543"
      },
      {
        "title": "Symantec Threat Intelligence Blog",
        "trust": 0.1,
        "url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-may-2019"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0982"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0982"
      },
      {
        "trust": 1.3,
        "url": "https://www.securityfocus.com/bid/108208"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0982"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190515-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190023.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-net-vulnerabilities-of-may-2019-29296"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/19.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108208"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "db": "BID",
        "id": "108208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "db": "BID",
        "id": "108208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "date": "2019-05-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "BID",
        "id": "108208"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "date": "2019-05-16T19:29:05.083000",
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-20378"
      },
      {
        "date": "2019-05-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-0982"
      },
      {
        "date": "2019-05-14T00:00:00",
        "db": "BID",
        "id": "108208"
      },
      {
        "date": "2019-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      },
      {
        "date": "2019-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      },
      {
        "date": "2024-11-21T04:17:36.993000",
        "db": "NVD",
        "id": "CVE-2019-0982"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003823"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-393"
      }
    ],
    "trust": 0.6
  }
}

var-201907-1509
Vulnerability from variot

A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could exploit this vulnerability with a specially crafted URL to redirect users to a malicious website. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1509",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.2"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "microsoft",
        "version": "2.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006509"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1075"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006509"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Reported through Datalust.",
    "sources": [
      {
        "db": "BID",
        "id": "108984"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-430"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2019-1075",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-1075",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-1075",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-1075",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-1075",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-430",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-1075",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-1075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-430"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1075"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka \u0027ASP.NET Core Spoofing Vulnerability\u0027. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could exploit this vulnerability with a specially crafted URL to redirect users to a malicious website. \nAn attacker can leverage this issue by constructing a crafted URI and  enticing a user to follow it. When an unsuspecting victim follows the  link, they may be redirected to an attacker-controlled site; this may  aid in phishing attacks. Other attacks are possible",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-1075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-430"
      },
      {
        "db": "BID",
        "id": "108984"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1075"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-1075",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "108984",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006509",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-430",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-1075",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-1075"
      },
      {
        "db": "BID",
        "id": "108984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-430"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1075"
      }
    ]
  },
  "id": "VAR-201907-1509",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T22:11:56.680000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-1075 | ASP.NET Core Spoofing Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075"
      },
      {
        "title": "CVE-2019-1075 | ASP.NET Core \u306e\u306a\u308a\u3059\u307e\u3057\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-1075"
      },
      {
        "title": "Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94569"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/ExpLangcn/FuYao-Go "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-1075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-430"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-601",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006509"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1075"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1075"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1075"
      },
      {
        "trust": 0.9,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1075"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190710-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190029.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.securityfocus.com/bid/108984"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-430"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1075"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-1075"
      },
      {
        "db": "BID",
        "id": "108984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-430"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1075"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-1075"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "BID",
        "id": "108984"
      },
      {
        "date": "2019-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006509"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-430"
      },
      {
        "date": "2019-07-15T19:15:17.343000",
        "db": "NVD",
        "id": "CVE-2019-1075"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-1075"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "BID",
        "id": "108984"
      },
      {
        "date": "2019-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-006509"
      },
      {
        "date": "2019-07-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-430"
      },
      {
        "date": "2024-11-21T04:35:57.970000",
        "db": "NVD",
        "id": "CVE-2019-1075"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-430"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Vulnerability to be spoofed",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-006509"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "108984"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-430"
      }
    ],
    "trust": 0.9
  }
}

var-202101-1406
Vulnerability from variot

ASP.NET Core and Visual Studio Denial of Service Vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0096-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0096 Issue date: 2021-01-13 CVE Names: CVE-2021-1723 =====================================================================

  1. Summary:

An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.102 and .NET Runtime 5.0.2.

Security Fix(es):

  • dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2 (CVE-2021-1723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1914258 - CVE-2021-1723 dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm

x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm

x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm

x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2021-1723 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIUAwUBX/8ENtzjgjWX9erEAQjh5A/2IdPxRp4QSVH27LBp52uli+P8iYNYUQzJ oSP0BhxXlPnwty70y6h3XF04F2AgWdqddLa07e/lQo/tZfD4x8a7N5qJzCd3AaHy bhQaw5Rs2Yi/JM3l7nJbwL3kMnQ6+rg/w9IZG0JLPjEnURlcJmIArgIuNmWPBoxP GRVhNlEohEwbQhgwwp0PJkIhX9MxvpVT0OPbcUV6TGox65X+b8kMuUfjRhuKdEge l97WHuXTXa6QZMgaH28lSe8Vo6tkhzH89UEgo4CweybzptzPEgNfD4GOfpOrt9HG iqiRhMnpVrfp+nqet1k+seBfjeTkMfZBmrGR8nsU69rCqG85gWvtuT5j5ba5PWRg hHAg/bG4zIRlvRgIgTD00wVkGL0DC4zE/iI3bXZ7ATdl8pCADi1+uRyBwshbjbvL jFo8RrHE4DCtM1+X0jJhPnED3tMQmNQkmYd/sUzj6dM1OfYUFu6CDnyqOo9wIPkD yYTKp1/2lM8eJDtihM4vRRtfBUicagPAQ7Qu52VjDs9PwtSAReDE0FAnnfqfoRqt FXwdqez+GIpc6JgVp+wgof9zY3mq+MKS3WKZwt+v7KUbsSrg0sQTYpuMI+JFjG9l ZzAeU/ifax0HbO4R3rz2evVsT4yLGcSW7Yb/cTuPypLMFojFpSDzpkODfw3TGArj allfL6TeAQ== =fmd6 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1406",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "model": "visual studio 2019",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "model": "asp.net core",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "5.0.1"
      },
      {
        "model": "visual studio 2019",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.8"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.1"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "asp.net core",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "3.1.10"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1723"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "160935"
      },
      {
        "db": "PACKETSTORM",
        "id": "160946"
      },
      {
        "db": "PACKETSTORM",
        "id": "160930"
      },
      {
        "db": "PACKETSTORM",
        "id": "160934"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-809"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2021-1723",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-1723",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-1723",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-1723",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2021-1723",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-809",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-1723",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-1723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-809"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1723"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1723"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core and Visual Studio Denial of Service Vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID:       RHSA-2021:0096-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:0096\nIssue date:        2021-01-13\nCVE Names:         CVE-2021-1723 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-dotnet50-dotnet is now available for .NET on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 5.0.102 and .NET Runtime\n5.0.2. \n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock\nwhen using HTTP2 (CVE-2021-1723)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914258 - CVE-2021-1723 dotnet: ASP.NET Core Callbacks outside of locks cause Krestel deadlock when using HTTP2\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.102-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.2-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.102-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.102-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-1723\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIUAwUBX/8ENtzjgjWX9erEAQjh5A/2IdPxRp4QSVH27LBp52uli+P8iYNYUQzJ\noSP0BhxXlPnwty70y6h3XF04F2AgWdqddLa07e/lQo/tZfD4x8a7N5qJzCd3AaHy\nbhQaw5Rs2Yi/JM3l7nJbwL3kMnQ6+rg/w9IZG0JLPjEnURlcJmIArgIuNmWPBoxP\nGRVhNlEohEwbQhgwwp0PJkIhX9MxvpVT0OPbcUV6TGox65X+b8kMuUfjRhuKdEge\nl97WHuXTXa6QZMgaH28lSe8Vo6tkhzH89UEgo4CweybzptzPEgNfD4GOfpOrt9HG\niqiRhMnpVrfp+nqet1k+seBfjeTkMfZBmrGR8nsU69rCqG85gWvtuT5j5ba5PWRg\nhHAg/bG4zIRlvRgIgTD00wVkGL0DC4zE/iI3bXZ7ATdl8pCADi1+uRyBwshbjbvL\njFo8RrHE4DCtM1+X0jJhPnED3tMQmNQkmYd/sUzj6dM1OfYUFu6CDnyqOo9wIPkD\nyYTKp1/2lM8eJDtihM4vRRtfBUicagPAQ7Qu52VjDs9PwtSAReDE0FAnnfqfoRqt\nFXwdqez+GIpc6JgVp+wgof9zY3mq+MKS3WKZwt+v7KUbsSrg0sQTYpuMI+JFjG9l\nZzAeU/ifax0HbO4R3rz2evVsT4yLGcSW7Yb/cTuPypLMFojFpSDzpkODfw3TGArj\nallfL6TeAQ==\n=fmd6\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1723"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1723"
      },
      {
        "db": "PACKETSTORM",
        "id": "160935"
      },
      {
        "db": "PACKETSTORM",
        "id": "160946"
      },
      {
        "db": "PACKETSTORM",
        "id": "160930"
      },
      {
        "db": "PACKETSTORM",
        "id": "160934"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-1723",
        "trust": 2.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160930",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0129",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-809",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1723",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160935",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160946",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "160934",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-1723"
      },
      {
        "db": "PACKETSTORM",
        "id": "160935"
      },
      {
        "db": "PACKETSTORM",
        "id": "160946"
      },
      {
        "db": "PACKETSTORM",
        "id": "160930"
      },
      {
        "db": "PACKETSTORM",
        "id": "160934"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-809"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1723"
      }
    ]
  },
  "id": "VAR-202101-1406",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T23:07:40.639000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Microsoft ASP.NET Core  and Visual Studio Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139337"
      },
      {
        "title": "Red Hat: Important: dotnet5.0 security and bugfix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210094 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210114 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: dotnet3.1 security and bugfix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210095 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210096 - Security Advisory"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202103-17] dotnet-sdk: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-17"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-1723 log"
      },
      {
        "title": "Arch Linux Advisories: [ASA-202103-16] dotnet-runtime: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-16"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-1723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-809"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1723"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-1723"
      },
      {
        "trust": 1.0,
        "url": "https://access.redhat.com/security/cve/cve-2021-1723"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1723"
      },
      {
        "trust": 1.0,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-1723"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rrxherxw4kr5wcp76udw5pc7gx3yqluw/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3l27cgrvewupelnjogtcw6gledbecb4b/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-january-2021-34297"
      },
      {
        "trust": 0.6,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-17007/cve-2021-1723"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160930/red-hat-security-advisory-2021-0096-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/asp-net-core-denial-of-service-via-callbacks-34307"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0129/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/errata/rhsa-2021:0094"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/193942"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0095"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0096"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-1723"
      },
      {
        "db": "PACKETSTORM",
        "id": "160935"
      },
      {
        "db": "PACKETSTORM",
        "id": "160946"
      },
      {
        "db": "PACKETSTORM",
        "id": "160930"
      },
      {
        "db": "PACKETSTORM",
        "id": "160934"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-809"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1723"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-1723"
      },
      {
        "db": "PACKETSTORM",
        "id": "160935"
      },
      {
        "db": "PACKETSTORM",
        "id": "160946"
      },
      {
        "db": "PACKETSTORM",
        "id": "160930"
      },
      {
        "db": "PACKETSTORM",
        "id": "160934"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-809"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1723"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1723"
      },
      {
        "date": "2021-01-13T15:19:08",
        "db": "PACKETSTORM",
        "id": "160935"
      },
      {
        "date": "2021-01-13T23:19:30",
        "db": "PACKETSTORM",
        "id": "160946"
      },
      {
        "date": "2021-01-13T15:11:46",
        "db": "PACKETSTORM",
        "id": "160930"
      },
      {
        "date": "2021-01-13T15:18:53",
        "db": "PACKETSTORM",
        "id": "160934"
      },
      {
        "date": "2021-01-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-809"
      },
      {
        "date": "2021-01-12T20:15:34.993000",
        "db": "NVD",
        "id": "CVE-2021-1723"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1723"
      },
      {
        "date": "2021-01-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-809"
      },
      {
        "date": "2024-11-21T05:44:58.590000",
        "db": "NVD",
        "id": "CVE-2021-1723"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-809"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft ASP.NET Core and Visual Studio Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-809"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-809"
      }
    ],
    "trust": 0.6
  }
}

var-201811-0478
Vulnerability from variot

A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:3676-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3676 Issue date: 2018-11-27 CVE Names: CVE-2018-8416 ==================================================================== 1. Summary:

An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

Security Fix(es):

  • .NET Core: Arbitrary file and directory creation (CVE-2018-8416)

For more information, please refer to the upstream docs in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm

x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm

x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm

x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-8416 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBW/zJC9zjgjWX9erEAQi0Pw//WnLvaExr0r/rVkOTSxMDwGEqCu4K7nU6 8FnknCX3hpTmIqwIb5VIGOUwRneeg3DnGxg8vIBm8dwrAGqkgpfpGJLt1H7MNAMK p3idNKfoZgG3gVfiO55aaKkftoimA4rUx915ssPzLtBADWdqPfSG0jHkWJgynpDA gAU2FZOhmIJ2Z2+COCi7i1hf2CKDeRRu7mvFDkyKYb4yoVsGXPsm4dB1piw/2VCh ezp4sWeGq0r1dReejy+O2IU8bx/8LsaPqz2ZaARXjFHCEEg4y2CFxLzv2nsokQfy gmpcNtY7F2+ysHP9YL9xV7/pQF3FR1cHDP8lZ6usNIrgrPO/e7WAszsTEg6u3+9l t4gRjeE1SJHa7JkC6seEpZXsxCdR0/9GeOBm+b2RF9qgSEgQgtD/N/AKNQWt4Qo3 rRQN79cy4sRznmwzP0MBE57RAu7GzmmueLeJK7uAuQikfqxGPn5Q2yOah74I2WR9 lzbwqVLuUBHZZhHautHQA3i4bqz8CEfQRHTGmiagkHYWn2m2yNJsWnDMt5YpLzn2 GpTg+9TU0GmwqSquG/5r/rD9YLJwM2m8KV9Yt0PArzw1ey+z542i0Dwv4GlHpIR4 W9D33bMeOY1o4IhLmT+Qlm5ZbGEWleQ4U59YUaCvnZDzsfg0AcJSSpg42ws2+FkC uuianWdqhaI=i2VD -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0478",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": ".net core",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.1"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105798"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013498"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8416"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013498"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Danny Grander of Snyk.",
    "sources": [
      {
        "db": "BID",
        "id": "105798"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-363"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2018-8416",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2018-8416",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-8416",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-8416",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-8416",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-363",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013498"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8416"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka \".NET Core Tampering Vulnerability.\" This affects .NET Core 2.1. \nSuccessfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID:       RHSA-2018:3676-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2018:3676\nIssue date:        2018-11-27\nCVE Names:         CVE-2018-8416\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* .NET Core: Arbitrary file and directory creation (CVE-2018-8416)\n\nFor more information, please refer to the upstream docs in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-dotnet-2.1.500-5.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-dotnet-2.1.500-5.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-dotnet-2.1.500-5.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-8416\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW/zJC9zjgjWX9erEAQi0Pw//WnLvaExr0r/rVkOTSxMDwGEqCu4K7nU6\n8FnknCX3hpTmIqwIb5VIGOUwRneeg3DnGxg8vIBm8dwrAGqkgpfpGJLt1H7MNAMK\np3idNKfoZgG3gVfiO55aaKkftoimA4rUx915ssPzLtBADWdqPfSG0jHkWJgynpDA\ngAU2FZOhmIJ2Z2+COCi7i1hf2CKDeRRu7mvFDkyKYb4yoVsGXPsm4dB1piw/2VCh\nezp4sWeGq0r1dReejy+O2IU8bx/8LsaPqz2ZaARXjFHCEEg4y2CFxLzv2nsokQfy\ngmpcNtY7F2+ysHP9YL9xV7/pQF3FR1cHDP8lZ6usNIrgrPO/e7WAszsTEg6u3+9l\nt4gRjeE1SJHa7JkC6seEpZXsxCdR0/9GeOBm+b2RF9qgSEgQgtD/N/AKNQWt4Qo3\nrRQN79cy4sRznmwzP0MBE57RAu7GzmmueLeJK7uAuQikfqxGPn5Q2yOah74I2WR9\nlzbwqVLuUBHZZhHautHQA3i4bqz8CEfQRHTGmiagkHYWn2m2yNJsWnDMt5YpLzn2\nGpTg+9TU0GmwqSquG/5r/rD9YLJwM2m8KV9Yt0PArzw1ey+z542i0Dwv4GlHpIR4\nW9D33bMeOY1o4IhLmT+Qlm5ZbGEWleQ4U59YUaCvnZDzsfg0AcJSSpg42ws2+FkC\nuuianWdqhaI=i2VD\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8416"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013498"
      },
      {
        "db": "BID",
        "id": "105798"
      },
      {
        "db": "PACKETSTORM",
        "id": "150479"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-8416",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "105798",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1042128",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013498",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-363",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "150479",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105798"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013498"
      },
      {
        "db": "PACKETSTORM",
        "id": "150479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8416"
      }
    ]
  },
  "id": "VAR-201811-0478",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-11-23T22:58:49.543000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-8416 | .NET Core Tampering Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8416"
      },
      {
        "title": "CVE-2018-8416 | .NET Core \u306e\u6539\u3056\u3093\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8416"
      },
      {
        "title": "Microsoft .NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86772"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013498"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-363"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013498"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8416"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2018:3676"
      },
      {
        "trust": 1.7,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8416"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1042128"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/105798"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8416"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8416"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20181114-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180046.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-8416"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105798"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013498"
      },
      {
        "db": "PACKETSTORM",
        "id": "150479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8416"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "105798"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013498"
      },
      {
        "db": "PACKETSTORM",
        "id": "150479"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8416"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-13T00:00:00",
        "db": "BID",
        "id": "105798"
      },
      {
        "date": "2019-02-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013498"
      },
      {
        "date": "2018-11-27T17:23:43",
        "db": "PACKETSTORM",
        "id": "150479"
      },
      {
        "date": "2018-11-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-363"
      },
      {
        "date": "2018-11-14T01:29:00.427000",
        "db": "NVD",
        "id": "CVE-2018-8416"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-13T00:00:00",
        "db": "BID",
        "id": "105798"
      },
      {
        "date": "2019-02-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013498"
      },
      {
        "date": "2020-10-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-363"
      },
      {
        "date": "2024-11-21T04:13:47",
        "db": "NVD",
        "id": "CVE-2018-8416"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-363"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET Core Vulnerabilities to be tampered with",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013498"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "105798"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-363"
      }
    ],
    "trust": 0.9
  }
}

var-202005-0134
Vulnerability from variot

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. (DoS) Vulnerability exists. Microsoft Visual Studio is a series of development tool suite products and a basic and complete development tool set. It includes most of the tools needed throughout the software life cycle. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Important: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2020:2249-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2249 Issue date: 2020-05-21 CVE Names: CVE-2020-1108 CVE-2020-1161 =====================================================================

  1. Summary:

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.104 and .NET Core Runtime 3.1.4.

Security Fix(es):

  • dotnet: Denial of service via untrusted input (CVE-2020-1108)
  • dotnet: Denial of service due to infinite loop (CVE-2020-1161)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1827643 - CVE-2020-1108 dotnet: Denial of service via untrusted input 1827645 - CVE-2020-1161 dotnet: Denial of service due to infinite loop

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet31-dotnet-3.1.104-2.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.104-2.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.104-2.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet31-dotnet-3.1.104-2.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.104-2.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.104-2.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet31-dotnet-3.1.104-2.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.104-2.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.104-2.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.104-2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2020-1108 https://access.redhat.com/security/cve/CVE-2020-1161 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXsaf4tzjgjWX9erEAQjTHA//daLObmVWkk7wO3loCqPQJgXiuyshm1Jj 2pXg1tT24AQE2lGzOts8f7HjpCC60LeSAXLQseKlmZ7Nrdhi/KE8dFto3JhcBp0n fjFHoImjPgz5cIOWU94LS9H3ST9Ih+kL9b9o4DIRff6/KlpWEvdfoMejgaNl4zjW YV+ozpiDxmvOo0OudxMgFiw17iSUO28a3HZqLBz+DE/7+2RY8irLGVyYo/0XVpz0 mnbkDWcue4wJmDcQzrtsSSLm2L3m3CIHGF4kJ+C3QdSdtOQchHG3Y9XtkeEEIWz8 uHE+gkfRU9Nm+cw+4QMW7o0b1mwX329oyd+1O5D/KeaJ6ABM8yfihEfmVxSpCGW1 4+qSjDNeauC+c/Rm0jBtWRQCct/XJQbBrqii05dlarA9a+YHiBeIkDt5U46Y0/FD CcAsZtyf1Zfe8DyTFMsEQ5DDltudbRgguTbEmMBEeOOkmZFQE7aSI5veeWuUuxqs UIjckIgUN7MWYtm8Fq4KMOJe5l4uYwY3T3G6r8AxxJs1PLokuYvT7CHTkjPg9hEG Dv4J3fkzD9rybvaZUDkTDDLgGoK3zHSlcYlRAEwLT9aN2pCF0PyHYnZtsdz93oEP tyddvt2olVLDsJBkYlTvwRBVNLTzv7Uj4qFUJqW4LjhtGpHZvld60Gf7xh8ooqv7 g8PwL1mfJdI= =8ZmH -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0134",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "3.1"
      },
      {
        "model": "visual studio 2019",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.5"
      },
      {
        "model": "visual studio 2017",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "15.1"
      },
      {
        "model": "visual studio 2017",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "15.9"
      },
      {
        "model": "visual studio 2019",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.0"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2017 version 15.9 (includes 15.0 - 15.8)"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2019 version 16.0"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2019 version 16.4 (includes 16.0 - 16.3)"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2019 version 16.5"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "201715.9"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "201916.0"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "201916.4"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "201916.5"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-40626"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005783"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1161"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:visual_studio",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005783"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "157794"
      },
      {
        "db": "PACKETSTORM",
        "id": "157788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-568"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2020-1161",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-1161",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005783",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-40626",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-1161",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-005783",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-1161",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-005783",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-40626",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202005-568",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-40626"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-568"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1161"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027. (DoS) Vulnerability exists. Microsoft Visual Studio is a series of development tool suite products and a basic and complete development tool set. It includes most of the tools needed throughout the software life cycle. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID:       RHSA-2020:2249-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:2249\nIssue date:        2020-05-21\nCVE Names:         CVE-2020-1108 CVE-2020-1161 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core SDK 3.1.104 and .NET Core\nRuntime 3.1.4. \n\nSecurity Fix(es):\n\n* dotnet: Denial of service via untrusted input (CVE-2020-1108)\n* dotnet: Denial of service due to infinite loop (CVE-2020-1161)\n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1827643 - CVE-2020-1108 dotnet: Denial of service via untrusted input\n1827645 - CVE-2020-1161 dotnet: Denial of service due to infinite loop\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.104-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.104-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.104-2.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.4-2.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.104-2.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.104-2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1108\nhttps://access.redhat.com/security/cve/CVE-2020-1161\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXsaf4tzjgjWX9erEAQjTHA//daLObmVWkk7wO3loCqPQJgXiuyshm1Jj\n2pXg1tT24AQE2lGzOts8f7HjpCC60LeSAXLQseKlmZ7Nrdhi/KE8dFto3JhcBp0n\nfjFHoImjPgz5cIOWU94LS9H3ST9Ih+kL9b9o4DIRff6/KlpWEvdfoMejgaNl4zjW\nYV+ozpiDxmvOo0OudxMgFiw17iSUO28a3HZqLBz+DE/7+2RY8irLGVyYo/0XVpz0\nmnbkDWcue4wJmDcQzrtsSSLm2L3m3CIHGF4kJ+C3QdSdtOQchHG3Y9XtkeEEIWz8\nuHE+gkfRU9Nm+cw+4QMW7o0b1mwX329oyd+1O5D/KeaJ6ABM8yfihEfmVxSpCGW1\n4+qSjDNeauC+c/Rm0jBtWRQCct/XJQbBrqii05dlarA9a+YHiBeIkDt5U46Y0/FD\nCcAsZtyf1Zfe8DyTFMsEQ5DDltudbRgguTbEmMBEeOOkmZFQE7aSI5veeWuUuxqs\nUIjckIgUN7MWYtm8Fq4KMOJe5l4uYwY3T3G6r8AxxJs1PLokuYvT7CHTkjPg9hEG\nDv4J3fkzD9rybvaZUDkTDDLgGoK3zHSlcYlRAEwLT9aN2pCF0PyHYnZtsdz93oEP\ntyddvt2olVLDsJBkYlTvwRBVNLTzv7Uj4qFUJqW4LjhtGpHZvld60Gf7xh8ooqv7\ng8PwL1mfJdI=\n=8ZmH\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005783"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-40626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-568"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1161"
      },
      {
        "db": "PACKETSTORM",
        "id": "157794"
      },
      {
        "db": "PACKETSTORM",
        "id": "157788"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-1161",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005783",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "157794",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-40626",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1814",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "46715",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-568",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1161",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "157788",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-40626"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005783"
      },
      {
        "db": "PACKETSTORM",
        "id": "157794"
      },
      {
        "db": "PACKETSTORM",
        "id": "157788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-568"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1161"
      }
    ]
  },
  "id": "VAR-202005-0134",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-40626"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-40626"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:05:38.779000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2020-1161 | ASP.NET Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1161"
      },
      {
        "title": "CVE-2020-1161 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-1161"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core input validation error vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/225853"
      },
      {
        "title": "Microsoft ASP.NET Core Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119629"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-40626"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-568"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005783"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1161"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1161"
      },
      {
        "trust": 1.6,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1161"
      },
      {
        "trust": 1.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-1161"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1161"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20200513-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2020/at200022.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/157794/red-hat-security-advisory-2020-2250-01.html"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/46715"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1814/"
      },
      {
        "trust": 0.6,
        "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2020-1161"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-may-2020-32249"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1108"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-1108"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181110"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2250"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:2249"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-40626"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005783"
      },
      {
        "db": "PACKETSTORM",
        "id": "157794"
      },
      {
        "db": "PACKETSTORM",
        "id": "157788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-568"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1161"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-40626"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-1161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-005783"
      },
      {
        "db": "PACKETSTORM",
        "id": "157794"
      },
      {
        "db": "PACKETSTORM",
        "id": "157788"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-568"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1161"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-40626"
      },
      {
        "date": "2020-05-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1161"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005783"
      },
      {
        "date": "2020-05-21T16:41:39",
        "db": "PACKETSTORM",
        "id": "157794"
      },
      {
        "date": "2020-05-21T16:34:50",
        "db": "PACKETSTORM",
        "id": "157788"
      },
      {
        "date": "2020-05-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-568"
      },
      {
        "date": "2020-05-21T23:15:17.603000",
        "db": "NVD",
        "id": "CVE-2020-1161"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-40626"
      },
      {
        "date": "2020-05-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-1161"
      },
      {
        "date": "2020-06-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-005783"
      },
      {
        "date": "2020-05-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202005-568"
      },
      {
        "date": "2024-11-21T05:09:52.817000",
        "db": "NVD",
        "id": "CVE-2020-1161"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-568"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft ASP.NET Core input validation error vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-40626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-568"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202005-568"
      }
    ],
    "trust": 0.6
  }
}

var-201901-1474
Vulnerability from variot

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. This vulnerability CVE-2019-0548 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Successful exploits will attackers to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2019:0040-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0040 Issue date: 2019-01-09 CVE Names: CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 =====================================================================

  1. Summary:

Updates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

.NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 2.1.5 and 2.2.1.

Security Fix(es):

  • .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure (CVE-2019-0545)

  • .NET Core: ANCM WebSocket DOS (CVE-2019-0548)

  • .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) (CVE-2019-0564)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For more information, please refer to the upstream docs in the References section.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure 1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET) 1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm

x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm

x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet21-2.1-6.el7.src.rpm rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm

x86_64: rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet22-2.2-2.el7.src.rpm rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm

x86_64: rh-dotnet22-2.2-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-0545 https://access.redhat.com/security/cve/CVE-2019-0548 https://access.redhat.com/security/cve/CVE-2019-0564 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX 1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq DN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI DgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR ZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R tgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43 +Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV kLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3 L7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR +GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P Atkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc eGIiHj6xieM= =m5dC -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-1474",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.1"
      },
      {
        "model": "powershell core",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16189"
      },
      {
        "db": "BID",
        "id": "106413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-157"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0564"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:powershell_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001013"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "106413"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2019-0564",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-0564",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-16189",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-0564",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-0564",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-0564",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-16189",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-157",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16189"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-157"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0564"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. This vulnerability CVE-2019-0548 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. \nSuccessful exploits will attackers to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: .NET Core on Red Hat Enterprise Linux security update\nAdvisory ID:       RHSA-2019:0040-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:0040\nIssue date:        2019-01-09\nCVE Names:         CVE-2019-0545 CVE-2019-0548 CVE-2019-0564 \n=====================================================================\n\n1. Summary:\n\nUpdates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for\n.NET Core on Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 2.1.5 and 2.2.1. \n\nSecurity Fix(es):\n\n* .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final\nresponse leads to info disclosure (CVE-2019-0545)\n\n* .NET Core: ANCM WebSocket DOS (CVE-2019-0548)\n\n* .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and\nASP.NET) (CVE-2019-0564)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream docs in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure\n1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)\n1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-6.el7.src.rpm\nrh-dotnet21-dotnet-2.1.503-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-6.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-2.el7.src.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-2.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0545\nhttps://access.redhat.com/security/cve/CVE-2019-0548\nhttps://access.redhat.com/security/cve/CVE-2019-0564\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXDW2sdzjgjWX9erEAQjnURAAoOOF+CAyd0GdKX4LT2eZ/ctDcYggUZkX\n1uMSJxXYU64TTYyAmkWUad9GPHMl+7QPjLZGbsLoUv37jSHwfg6VLiPRPy/jGMEq\nDN1ECN44X2nbUvCO+aKSNSpkRx7oBgQeR3gcPDMS1bzzJgOzhldL8rHH4GnmsoLI\nDgBXda8QlnFQVXEK+64H9B5hmlD8PERkne9mmqH1M3tkYZeBdnsud7Zb+UTNmMDR\nZCVdGr4UIjFZZWpQf5FhjLw4Y2Wv4+e0UBiRFj3GqiS4YYNy+0VxsuTYW3YvNO2R\ntgZ/UyXljxfgEoQrwg58sI1icuY9CDuyUbLXjEhmlh9E8lDHZ4C3OyK+M7D/KN43\n+Hf3E1qgMyg+RDlIFsDsMNDvH7Y6oHv5OIeELIEG9A+oDeQwpoUE6FlQhwMBKZgV\nkLnwYXahwcbcpJWB2Fwp2htwACGwlWzisanA0+Qqnb0zsgL/UI/ZuHmcmXXW68U3\nL7JuUVE61WCdZYPyANW/kkxIuqw875FVM39dInDlUOwcPyGbkiH7qsauiyLLadlR\n+GpenM0LLRftSh3FILuQyH+6EORUrduB8445BGtdVKOUChiSOc09qcFozzxKki5P\nAtkajiv2GssKgIFDg7NBMMPETWRjun6SIsxnZ+CcaxLdOjw1isYRzSxMHdNyU7bc\neGIiHj6xieM=\n=m5dC\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-0564"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001013"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-16189"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-157"
      },
      {
        "db": "BID",
        "id": "106413"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-0564",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "106413",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001013",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-16189",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-157",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "151061",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16189"
      },
      {
        "db": "BID",
        "id": "106413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001013"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-157"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0564"
      }
    ]
  },
  "id": "VAR-201901-1474",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16189"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16189"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:00:08.540000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2019-0564 | ASP.NET Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0564"
      },
      {
        "title": "CVE-2019-0564 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-0564"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2019-16189)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/162599"
      },
      {
        "title": "Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88344"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16189"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-157"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001013"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0564"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/106413"
      },
      {
        "trust": 2.0,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0564"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2019:0040"
      },
      {
        "trust": 1.4,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0564"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0564"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20190109-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2019/at190002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/net/"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0564"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0548"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0545"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0545"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0548"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-0548"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0545"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16189"
      },
      {
        "db": "BID",
        "id": "106413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001013"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-157"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0564"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-16189"
      },
      {
        "db": "BID",
        "id": "106413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001013"
      },
      {
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-157"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-0564"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-16189"
      },
      {
        "date": "2019-01-08T00:00:00",
        "db": "BID",
        "id": "106413"
      },
      {
        "date": "2019-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001013"
      },
      {
        "date": "2019-01-09T15:05:39",
        "db": "PACKETSTORM",
        "id": "151061"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-157"
      },
      {
        "date": "2019-01-08T21:29:01.317000",
        "db": "NVD",
        "id": "CVE-2019-0564"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-16189"
      },
      {
        "date": "2019-01-08T00:00:00",
        "db": "BID",
        "id": "106413"
      },
      {
        "date": "2019-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-001013"
      },
      {
        "date": "2019-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-157"
      },
      {
        "date": "2024-11-21T04:16:51.857000",
        "db": "NVD",
        "id": "CVE-2019-0564"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-157"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-001013"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-157"
      }
    ],
    "trust": 0.6
  }
}

var-201705-3360
Vulnerability from variot

An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3360",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system.text.encodings.web",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.3.0"
      },
      {
        "model": "system.net.http",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.3.1"
      },
      {
        "model": "system.net.http.winhttphandler",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.3.0"
      },
      {
        "model": "system.net.security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.0"
      },
      {
        "model": "system.net.websockets.client",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.3.0"
      },
      {
        "model": "system.text.encodings.web",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.0"
      },
      {
        "model": "system.net.http.winhttphandler",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.1"
      },
      {
        "model": "system.net.websockets.client",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.0"
      },
      {
        "model": "system.net.security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.3.0"
      },
      {
        "model": "system.net.http",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "asp.net",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "core"
      },
      {
        "model": "asp.net core",
        "scope": null,
        "trust": 0.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "asp.net",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07323"
      },
      {
        "db": "BID",
        "id": "98118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003294"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-736"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0249"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003294"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "98118"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-0249",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-0249",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-07323",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-0249",
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-0249",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-0249",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-07323",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-736",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-0249",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003294"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-736"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0249"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-0249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003294"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-736"
      },
      {
        "db": "BID",
        "id": "98118"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0249"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-0249",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003294",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07323",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-736",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "98118",
        "trust": 0.4
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0249",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0249"
      },
      {
        "db": "BID",
        "id": "98118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003294"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-736"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0249"
      }
    ]
  },
  "id": "VAR-201705-3360",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07323"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07323"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:13:01.670000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239",
        "trust": 0.8,
        "url": "https://github.com/aspnet/Announcements/issues/239"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/94179"
      },
      {
        "title": "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70329"
      },
      {
        "title": "OssIndexClient",
        "trust": 0.1,
        "url": "https://github.com/SimonCropp/OssIndexClient "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/shiftingleft/dotnet-scm-test "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/jnewman-sonatype/DotNetTest "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003294"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-736"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003294"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0249"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://github.com/aspnet/announcements/issues/239"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0249"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0249"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.3,
        "url": "https://technet.microsoft.com/library/security/4021279.aspx"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/98118"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/simoncropp/ossindexclient"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53814"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0249"
      },
      {
        "db": "BID",
        "id": "98118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003294"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-736"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0249"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0249"
      },
      {
        "db": "BID",
        "id": "98118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003294"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-736"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0249"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07323"
      },
      {
        "date": "2017-05-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-0249"
      },
      {
        "date": "2017-05-10T00:00:00",
        "db": "BID",
        "id": "98118"
      },
      {
        "date": "2017-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003294"
      },
      {
        "date": "2017-05-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-736"
      },
      {
        "date": "2017-05-12T14:29:04.003000",
        "db": "NVD",
        "id": "CVE-2017-0249"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07323"
      },
      {
        "date": "2021-06-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-0249"
      },
      {
        "date": "2017-05-23T16:25:00",
        "db": "BID",
        "id": "98118"
      },
      {
        "date": "2017-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003294"
      },
      {
        "date": "2021-07-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-736"
      },
      {
        "date": "2024-11-21T03:02:37.610000",
        "db": "NVD",
        "id": "CVE-2017-0249"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-736"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft ASP.NET Core Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003294"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-736"
      }
    ],
    "trust": 0.6
  }
}

var-201803-1625
Vulnerability from variot

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784. This vulnerability CVE-2018-0784 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1625",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06803"
      },
      {
        "db": "BID",
        "id": "103226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002559"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0808"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002559"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrei Gorlov",
    "sources": [
      {
        "db": "BID",
        "id": "103226"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-0808",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-0808",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-06803",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-0808",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0808",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-0808",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-06803",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-533",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-0808",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06803"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0808"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002559"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0808"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0784. This vulnerability CVE-2018-0784 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0808"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002559"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06803"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-533"
      },
      {
        "db": "BID",
        "id": "103226"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0808"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0808",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "103226",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1040504",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002559",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06803",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-533",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0808",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06803"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0808"
      },
      {
        "db": "BID",
        "id": "103226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002559"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0808"
      }
    ]
  },
  "id": "VAR-201803-1625",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06803"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06803"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:26:26.497000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-0808 | ASP.NET Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808"
      },
      {
        "title": "CVE-2018-0808 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0808"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2018-06803)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/124403"
      },
      {
        "title": "Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79182"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2018/03/13/patch_tuesday_march_2018/"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/microsoft/microsoft-march-patch-tuesday-fixes-74-security-issues/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06803"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0808"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002559"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-533"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002559"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0808"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/103226"
      },
      {
        "trust": 2.0,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0808"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1040504"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0808"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0808"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180314-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180011.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/net/"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/103226"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06803"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0808"
      },
      {
        "db": "BID",
        "id": "103226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002559"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0808"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06803"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-0808"
      },
      {
        "db": "BID",
        "id": "103226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002559"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-533"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0808"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06803"
      },
      {
        "date": "2018-03-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-0808"
      },
      {
        "date": "2018-03-13T00:00:00",
        "db": "BID",
        "id": "103226"
      },
      {
        "date": "2018-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002559"
      },
      {
        "date": "2018-03-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-533"
      },
      {
        "date": "2018-03-14T17:29:00.433000",
        "db": "NVD",
        "id": "CVE-2018-0808"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06803"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-0808"
      },
      {
        "date": "2018-03-13T00:00:00",
        "db": "BID",
        "id": "103226"
      },
      {
        "date": "2018-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002559"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-533"
      },
      {
        "date": "2024-11-21T03:38:59.657000",
        "db": "NVD",
        "id": "CVE-2018-0808"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-533"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Vulnerability in which privileges are elevated",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002559"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-533"
      }
    ],
    "trust": 0.6
  }
}

var-201711-1053
Vulnerability from variot

ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability". An attacker can use this vulnerability to obtain sensitive information about the target system by submitting malicious input to the affected software. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. ASP.NET Core 1.0, and 1.1 are vulnerable

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-1053",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "1.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.3,
        "vendor": "microsoft",
        "version": "1.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "microsoft",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37102"
      },
      {
        "db": "BID",
        "id": "101712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010212"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1077"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8700"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010212"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "101712"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-8700",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-8700",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-37102",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-8700",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-8700",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-8700",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-37102",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-1077",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-8700",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37102"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-8700"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010212"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1077"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8700"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka \"ASP.NET Core Information Disclosure Vulnerability\". An attacker can use this vulnerability to obtain sensitive information about the target system by submitting malicious input to the affected software. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. \nASP.NET Core 1.0, and 1.1 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-8700"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010212"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37102"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1077"
      },
      {
        "db": "BID",
        "id": "101712"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-8700"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-8700",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "101712",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1039793",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010212",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37102",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1077",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-8700",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37102"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-8700"
      },
      {
        "db": "BID",
        "id": "101712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010212"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1077"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8700"
      }
    ]
  },
  "id": "VAR-201711-1053",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37102"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37102"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:40:11.209000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2017-8700 | ASP.NET Core Information Disclosure Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700"
      },
      {
        "title": "CVE-2017-8700 | ASP.NET Core Information Disclosure Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-8700"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/108075"
      },
      {
        "title": "Microsoft Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99815"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2017/11/15/november_patch_tuesday/"
      },
      {
        "title": "Red Hat: CVE-2017-8700",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-8700"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/microsoft-patches-20-critical-vulnerabilities/128891/"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/microsoft/microsoft-november-patch-tuesday-fixes-53-security-issues/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37102"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-8700"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010212"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1077"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010212"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8700"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/101712"
      },
      {
        "trust": 2.0,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8700"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039793"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8700"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2017/at170044.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8700"
      },
      {
        "trust": 0.6,
        "url": "http://technet.microsoft.com/security/bulletin/november"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55873"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/microsoft-patches-20-critical-vulnerabilities/128891/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37102"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-8700"
      },
      {
        "db": "BID",
        "id": "101712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010212"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1077"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8700"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37102"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-8700"
      },
      {
        "db": "BID",
        "id": "101712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010212"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1077"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8700"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37102"
      },
      {
        "date": "2017-11-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-8700"
      },
      {
        "date": "2017-11-14T00:00:00",
        "db": "BID",
        "id": "101712"
      },
      {
        "date": "2017-12-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010212"
      },
      {
        "date": "2017-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-1077"
      },
      {
        "date": "2017-11-15T03:29:02.060000",
        "db": "NVD",
        "id": "CVE-2017-8700"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37102"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-8700"
      },
      {
        "date": "2017-12-19T22:00:00",
        "db": "BID",
        "id": "101712"
      },
      {
        "date": "2017-12-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010212"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-1077"
      },
      {
        "date": "2024-11-21T03:34:31.573000",
        "db": "NVD",
        "id": "CVE-2017-8700"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1077"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core In  Cross-Origin Resource Sharing Vulnerability that can be bypassed",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010212"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1077"
      }
    ],
    "trust": 0.6
  }
}

var-202310-0175
Vulnerability from variot

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Description:

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.

Description:

nghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C.

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23.

Security Fix(es):

  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Description:

IBM Business Automation Manager Open Editions is an open source business process management suite that combines process management and decision service management. It enables business and IT users to create, manage, validate, and deploy process applications and decision services.

IBM Business Automation Manager Open Editions images have been provided for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) and for on-premise or private-cloud deployments.

This release updates the IBM Business Automation Manager Open Editions images to 8.0.4. ========================================================================== Ubuntu Security Notice USN-6754-1 April 25, 2024

nghttp2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in nghttp2.

Software Description: - nghttp2: HTTP/2 C Library and tools

Details:

It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511, CVE-2019-9513)

It was discovered that nghttp2 incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)

It was discovered that nghttp2 could be made to process an unlimited number of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. (CVE-2024-28182)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10: libnghttp2-14 1.55.1-1ubuntu0.2 nghttp2 1.55.1-1ubuntu0.2 nghttp2-client 1.55.1-1ubuntu0.2 nghttp2-proxy 1.55.1-1ubuntu0.2 nghttp2-server 1.55.1-1ubuntu0.2

Ubuntu 22.04 LTS: libnghttp2-14 1.43.0-1ubuntu0.2 nghttp2 1.43.0-1ubuntu0.2 nghttp2-client 1.43.0-1ubuntu0.2 nghttp2-proxy 1.43.0-1ubuntu0.2 nghttp2-server 1.43.0-1ubuntu0.2

Ubuntu 20.04 LTS: libnghttp2-14 1.40.0-1ubuntu0.3 nghttp2 1.40.0-1ubuntu0.3 nghttp2-client 1.40.0-1ubuntu0.3 nghttp2-proxy 1.40.0-1ubuntu0.3 nghttp2-server 1.40.0-1ubuntu0.3

Ubuntu 18.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.30.0-1ubuntu1+esm2 nghttp2 1.30.0-1ubuntu1+esm2 nghttp2-client 1.30.0-1ubuntu1+esm2 nghttp2-proxy 1.30.0-1ubuntu1+esm2 nghttp2-server 1.30.0-1ubuntu1+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro): libnghttp2-14 1.7.1-1ubuntu0.1~esm2 nghttp2 1.7.1-1ubuntu0.1~esm2 nghttp2-client 1.7.1-1ubuntu0.1~esm2 nghttp2-proxy 1.7.1-1ubuntu0.1~esm2 nghttp2-server 1.7.1-1ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4631.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

  • Packet Storm Staff

==================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat OpenShift Dev Spaces 3.15.0 release Advisory ID: RHSA-2024:4631-03 Product: Red Hat OpenShift Dev Spaces Advisory URL: https://access.redhat.com/errata/RHSA-2024:4631 Issue date: 2024-07-18 Revision: 03 CVE Names: CVE-2022-3064 ====================================================================

Summary:

Red Hat OpenShift Dev Spaces 3.15 has been released.

All containers have been updated to include feature enhancements, bug fixes and CVE fixes.

Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.

Description:

Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.

The 3.15 release is based on Eclipse Che 7.88 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.

Users still using the v1 standard should migrate as soon as possible.

https://devfile.io/docs/2.2.0/migrating-to-devfile-v2

Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.

https://access.redhat.com/support/policy/updates/openshift#crw

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-3064

References:

https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces https://access.redhat.com/security/cve/CVE-2022-3064 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-28948 https://access.redhat.com/security/cve/CVE-2022-46175 https://access.redhat.com/security/cve/CVE-2023-6378 https://access.redhat.com/security/cve/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-41080 https://access.redhat.com/security/cve/CVE-2023-44487 https://access.redhat.com/security/cve/CVE-2023-45288 https://access.redhat.com/security/cve/CVE-2023-45648 https://issues.redhat.com/browse/CRW-6593

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0175",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip ddos hybrid defender",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6.8"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0.0"
      },
      {
        "model": "big-ip websafe",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "self node remediation operator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "big-ip websafe",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "migration toolkit for virtualization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openshift sandboxed containers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "unified contact center enterprise - live data server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "12.6.2"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "big-ip ddos hybrid defender",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "prime cable provisioning",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.2.1"
      },
      {
        "model": "big-ip domain name system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "big-ip domain name system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "windows 10 22h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19045.3570"
      },
      {
        "model": "jboss core services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "big-ip websafe",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "tomcat",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "10.1.0"
      },
      {
        "model": "grpc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "grpc",
        "version": "1.58.0"
      },
      {
        "model": "oncommand insight",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "tomcat",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "9.0.80"
      },
      {
        "model": "http",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ietf",
        "version": "2.0"
      },
      {
        "model": "openshift pipelines",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "big-ip application visibility and reporting",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "nx-os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.2\\(7\\)"
      },
      {
        "model": "tomcat",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "10.1.13"
      },
      {
        "model": "linkerd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "linkerd",
        "version": "2.14.1"
      },
      {
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "3scale api management platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.0"
      },
      {
        "model": "advanced cluster security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "kong gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "konghq",
        "version": "3.4.2"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.2.20"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "jboss fuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0.0"
      },
      {
        "model": "certification for red hat enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "jetty",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "eclipse",
        "version": "12.0.0"
      },
      {
        "model": "windows server 2022",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "traffic server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "9.0.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "openshift service mesh",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "windows 10 1809",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.17763.4974"
      },
      {
        "model": "big-ip ssl orchestrator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "istio",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "istio",
        "version": "1.18.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip carrier-grade nat",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": ".net",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.23"
      },
      {
        "model": "firepower threat defense",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.4.2"
      },
      {
        "model": "ios xr",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.11.2"
      },
      {
        "model": "prime access registrar",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "9.3.3"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "azure kubernetes service",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2023-10-08"
      },
      {
        "model": "openresty",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openresty",
        "version": "1.21.4.3"
      },
      {
        "model": "connected mobile experiences",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.1"
      },
      {
        "model": "big-ip ssl orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "tomcat",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "8.5.0"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "swiftnio http\\/2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.28.0"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.23"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "nghttp2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nghttp2",
        "version": "1.57.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "jenkins",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "jenkins",
        "version": "2.414.2"
      },
      {
        "model": "big-ip carrier-grade nat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "20.0.0"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "nginx ingress controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "3.3.0"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "18.18.2"
      },
      {
        "model": "traefik",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "traefik",
        "version": "2.10.5"
      },
      {
        "model": "astra control center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "nginx plus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "r30"
      },
      {
        "model": "cert-manager operator for red hat openshift",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "big-ip application visibility and reporting",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "go",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "golang",
        "version": "1.21.3"
      },
      {
        "model": "big-ip websafe",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "jboss data grid",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0.0"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "prime infrastructure",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "3.10.4"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "networking",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "golang",
        "version": "0.17.0"
      },
      {
        "model": "apisix",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "3.6.1"
      },
      {
        "model": "nginx plus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "r29"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "9.0"
      },
      {
        "model": "istio",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "istio",
        "version": "1.18.3"
      },
      {
        "model": "decision manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "secure web appliance",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "15.1.0"
      },
      {
        "model": "big-ip application visibility and reporting",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "ultra cloud core - policy control function",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2024.01.0"
      },
      {
        "model": "istio",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "istio",
        "version": "1.19.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "secure malware analytics",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.19.2"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "18.0.0"
      },
      {
        "model": "node maintenance operator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip next service proxy for kubernetes",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.5.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "jenkins",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "jenkins",
        "version": "2.427"
      },
      {
        "model": "big-ip domain name system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "secure dynamic attributes connector",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.2.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "opensearch data prepper",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "amazon",
        "version": "2.5.0"
      },
      {
        "model": "ultra cloud core - policy control function",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2024.01.0"
      },
      {
        "model": "big-ip carrier-grade nat",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip carrier-grade nat",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "node healthcheck operator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.7"
      },
      {
        "model": "integration camel k",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openshift distributed tracing",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.0"
      },
      {
        "model": "service interconnect",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "1.0"
      },
      {
        "model": "openshift container platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "big-ip ddos hybrid defender",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "run once duration override operator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "jetty",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "eclipse",
        "version": "9.4.53"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "prime network registrar",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "11.2"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "unified contact center domain manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "process automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "11.0.0"
      },
      {
        "model": "nginx ingress controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "2.4.2"
      },
      {
        "model": "big-ip ddos hybrid defender",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "traffic server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "9.2.3"
      },
      {
        "model": "big-ip websafe",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip carrier-grade nat",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "jetty",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "eclipse",
        "version": "10.0.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "openshift api for data protection",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "crosswork data gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.1.3"
      },
      {
        "model": "support for spring boot",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "big-ip ssl orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "nx-os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.3\\(5\\)"
      },
      {
        "model": "armeria",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linecorp",
        "version": "1.26.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4.12"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "38"
      },
      {
        "model": "traefik",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "traefik",
        "version": "3.0.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "grpc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "grpc",
        "version": "1.58.3"
      },
      {
        "model": "openshift gitops",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "crosswork data gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.0"
      },
      {
        "model": "caddy",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "caddyserver",
        "version": "2.7.5"
      },
      {
        "model": "traffic server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "8.0.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "istio",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "istio",
        "version": "1.17.6"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "ios xe",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "17.15.1"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "big-ip ddos hybrid defender",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip ddos hybrid defender",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "openshift serverless",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip websafe",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip websafe",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "nginx plus",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "r25"
      },
      {
        "model": ".net",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.0"
      },
      {
        "model": "big-ip application visibility and reporting",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "varnish cache",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "varnish cache",
        "version": "2023-10-10"
      },
      {
        "model": "jetty",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "eclipse",
        "version": "11.0.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "20.8.1"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "crosswork zero touch provisioning",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.0.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "satellite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "http server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "akka",
        "version": "10.5.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "big-ip next",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "20.0.1"
      },
      {
        "model": "openshift secondary scheduler operator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "ultra cloud core - session management function",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2024.02.0"
      },
      {
        "model": "big-ip ddos hybrid defender",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "nginx ingress controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "3.0.0"
      },
      {
        "model": "iot field network director",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.11.0"
      },
      {
        "model": "big-ip ssl orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "go",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "golang",
        "version": "1.21.0"
      },
      {
        "model": "http2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "golang",
        "version": "0.17.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "machine deletion remediation operator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openshift",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "build of optaplanner",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "37"
      },
      {
        "model": "jetty",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "eclipse",
        "version": "10.0.17"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "envoy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "envoyproxy",
        "version": "1.25.9"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "jetty",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "eclipse",
        "version": "12.0.2"
      },
      {
        "model": "h2o",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dena",
        "version": "2023-10-10"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "big-ip carrier-grade nat",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "openstack platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "17.1"
      },
      {
        "model": "linkerd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "linkerd",
        "version": "2.13.1"
      },
      {
        "model": "cbl-mariner",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2023-10-11"
      },
      {
        "model": "grpc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "grpc",
        "version": "1.56.3"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "windows 11 22h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.22621.2428"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.7.5"
      },
      {
        "model": "big-ip carrier-grade nat",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "envoy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "envoyproxy",
        "version": "1.26.4"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "big-ip ssl orchestrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "http2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "kazu yamamoto",
        "version": "4.2.2"
      },
      {
        "model": "jetty",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "eclipse",
        "version": "11.0.17"
      },
      {
        "model": "nginx plus",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "r29"
      },
      {
        "model": "linkerd",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "linkerd",
        "version": "2.12.0"
      },
      {
        "model": "cost management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "solr",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "9.4.0"
      },
      {
        "model": "traffic server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "8.1.9"
      },
      {
        "model": "contour",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "projectcontour",
        "version": "2023-10-11"
      },
      {
        "model": "telepresence video communication server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x14.3.3"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "integration camel for spring boot",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "windows 10 21h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.19044.3570"
      },
      {
        "model": "fence agents remediation operator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "ultra cloud core - serving gateway function",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2024.02.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "linkerd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "linkerd",
        "version": "2.14.0"
      },
      {
        "model": "integration service registry",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openstack platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "16.2"
      },
      {
        "model": "openshift virtualization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "big-ip carrier-grade nat",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "openshift dev spaces",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "logging subsystem for red hat openshift",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "netty",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "netty",
        "version": "4.1.100"
      },
      {
        "model": "openshift data science",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "big-ip application visibility and reporting",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "windows server 2019",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "big-ip application visibility and reporting",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "go",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "golang",
        "version": "1.20.10"
      },
      {
        "model": "fog director",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.22"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linkerd",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "linkerd",
        "version": "2.12.5"
      },
      {
        "model": "big-ip next service proxy for kubernetes",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.8.2"
      },
      {
        "model": ".net",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.12"
      },
      {
        "model": "nx-os",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "10.3\\(1\\)"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "tomcat",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "9.0.0"
      },
      {
        "model": "single sign-on",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openshift developer tools and services",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "proxygen",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "facebook",
        "version": "2023.10.16.00"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "expressway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x14.3.3"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "big-ip domain name system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "windows 10 1607",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.14393.6351"
      },
      {
        "model": "jboss fuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0.0"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.12"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "12.0"
      },
      {
        "model": "data center network manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cryostat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.0"
      },
      {
        "model": "big-ip application visibility and reporting",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "tomcat",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "8.5.93"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "build of quarkus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6"
      },
      {
        "model": "big-ip ddos hybrid defender",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "jboss a-mq streams",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "web terminal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "unified contact center management portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4"
      },
      {
        "model": "migration toolkit for applications",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "quay",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0.0"
      },
      {
        "model": "big-ip ssl orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "envoy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "envoyproxy",
        "version": "1.24.10"
      },
      {
        "model": "big-ip ssl orchestrator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip ssl orchestrator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "big-ip websafe",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "migration toolkit for containers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "windows server 2016",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "windows 11 21h2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "10.0.22000.2538"
      },
      {
        "model": ".net",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.0"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.9.5"
      },
      {
        "model": "certification for red hat enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "9.0"
      },
      {
        "model": "big-ip advanced web application firewall",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "service telemetry framework",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "1.5"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "17.1.0"
      },
      {
        "model": "jboss a-mq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise chat and email",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "network observability operator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "openstack platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "16.1"
      },
      {
        "model": "nginx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.25.2"
      },
      {
        "model": "advanced cluster management for kubernetes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.0"
      },
      {
        "model": "ansible automation platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.0"
      },
      {
        "model": "grpc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "grpc",
        "version": "1.57.0"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.10"
      },
      {
        "model": "advanced cluster security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "big-ip ssl orchestrator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "nginx ingress controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "2.0.0"
      },
      {
        "model": "grpc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "grpc",
        "version": "1.59.2"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "istio",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "istio",
        "version": "1.19.0"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.4"
      },
      {
        "model": "envoy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "envoyproxy",
        "version": "1.27.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "openshift container platform assisted installer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "linkerd",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "linkerd",
        "version": "2.13.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.5"
      },
      {
        "model": "big-ip application visibility and reporting",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "big-ip application visibility and reporting",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.5"
      },
      {
        "model": "big-ip carrier-grade nat",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "ceph storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "big-ip ddos hybrid defender",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.1.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-44487"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "175289"
      },
      {
        "db": "PACKETSTORM",
        "id": "175389"
      },
      {
        "db": "PACKETSTORM",
        "id": "175376"
      },
      {
        "db": "PACKETSTORM",
        "id": "175127"
      },
      {
        "db": "PACKETSTORM",
        "id": "175179"
      },
      {
        "db": "PACKETSTORM",
        "id": "175159"
      },
      {
        "db": "PACKETSTORM",
        "id": "176006"
      },
      {
        "db": "PACKETSTORM",
        "id": "179610"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2023-44487",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2023-44487",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-44487",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2023-44487",
            "trust": 1.0,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-44487"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-44487"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. \n\n\n\n\nDescription:\n\nVarnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don\u0027t have to create the same web page over and over again, giving the website a significant speed up. \n\n\n\n\nDescription:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. \n\n\n\n\nDescription:\n\nnghttp2 contains the Hypertext Transfer Protocol version 2 (HTTP/2) client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. \n\n\n\n\nDescription:\n\nNode.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\n\n\n\nDescription:\n\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23. \n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\n\n\n\nDescription:\n\nIBM Business Automation Manager Open Editions is an open source business process management suite that combines process management and decision service management. It enables business and IT users to create, manage, validate, and deploy process applications and decision services. \n\nIBM Business Automation Manager Open Editions images have been provided for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) and for on-premise or private-cloud deployments. \n\nThis release updates the IBM Business Automation Manager Open Editions images to 8.0.4. ==========================================================================\nUbuntu Security Notice USN-6754-1\nApril 25, 2024\n\nnghttp2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in nghttp2. \n\nSoftware Description:\n- nghttp2: HTTP/2 C Library and tools\n\nDetails:\n\nIt was discovered that nghttp2 incorrectly handled the HTTP/2\nimplementation. A remote attacker could possibly use this issue to cause\nnghttp2 to consume resources, leading to a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,\nCVE-2019-9513)\n\nIt was discovered that nghttp2 incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause nghttp2 to consume\nresources, leading to a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)\n\nIt was discovered that nghttp2 could be made to process an unlimited number\nof HTTP/2 CONTINUATION frames. A remote attacker could possibly use this\nissue to cause nghttp2 to consume resources, leading to a denial of\nservice. (CVE-2024-28182)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n   libnghttp2-14                   1.55.1-1ubuntu0.2\n   nghttp2                         1.55.1-1ubuntu0.2\n   nghttp2-client                  1.55.1-1ubuntu0.2\n   nghttp2-proxy                   1.55.1-1ubuntu0.2\n   nghttp2-server                  1.55.1-1ubuntu0.2\n\nUbuntu 22.04 LTS:\n   libnghttp2-14                   1.43.0-1ubuntu0.2\n   nghttp2                         1.43.0-1ubuntu0.2\n   nghttp2-client                  1.43.0-1ubuntu0.2\n   nghttp2-proxy                   1.43.0-1ubuntu0.2\n   nghttp2-server                  1.43.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n   libnghttp2-14                   1.40.0-1ubuntu0.3\n   nghttp2                         1.40.0-1ubuntu0.3\n   nghttp2-client                  1.40.0-1ubuntu0.3\n   nghttp2-proxy                   1.40.0-1ubuntu0.3\n   nghttp2-server                  1.40.0-1ubuntu0.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n   libnghttp2-14                   1.30.0-1ubuntu1+esm2\n   nghttp2                         1.30.0-1ubuntu1+esm2\n   nghttp2-client                  1.30.0-1ubuntu1+esm2\n   nghttp2-proxy                   1.30.0-1ubuntu1+esm2\n   nghttp2-server                  1.30.0-1ubuntu1+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n   libnghttp2-14                   1.7.1-1ubuntu0.1~esm2\n   nghttp2                         1.7.1-1ubuntu0.1~esm2\n   nghttp2-client                  1.7.1-1ubuntu0.1~esm2\n   nghttp2-proxy                   1.7.1-1ubuntu0.1~esm2\n   nghttp2-server                  1.7.1-1ubuntu0.1~esm2\n\nIn general, a standard system update will make all the necessary changes. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4631.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis:           Important: Red Hat OpenShift Dev Spaces 3.15.0 release\nAdvisory ID:        RHSA-2024:4631-03\nProduct:            Red Hat OpenShift Dev Spaces\nAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4631\nIssue date:         2024-07-18\nRevision:           03\nCVE Names:          CVE-2022-3064\n====================================================================\n\nSummary: \n\nRed Hat OpenShift Dev Spaces 3.15 has been released. \n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes. \n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section. \n\n\n\n\nDescription:\n\nRed Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. \n\nThe 3.15 release is based on Eclipse Che 7.88 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2. \n\nUsers still using the v1 standard should migrate as soon as possible. \n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw\n\n\nSolution:\n\nhttps://access.redhat.com/articles/11258\n\n\n\nCVEs:\n\nCVE-2022-3064\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces\nhttps://access.redhat.com/security/cve/CVE-2022-3064\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-28948\nhttps://access.redhat.com/security/cve/CVE-2022-46175\nhttps://access.redhat.com/security/cve/CVE-2023-6378\nhttps://access.redhat.com/security/cve/CVE-2023-39325\nhttps://access.redhat.com/security/cve/CVE-2023-41080\nhttps://access.redhat.com/security/cve/CVE-2023-44487\nhttps://access.redhat.com/security/cve/CVE-2023-45288\nhttps://access.redhat.com/security/cve/CVE-2023-45648\nhttps://issues.redhat.com/browse/CRW-6593\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-44487"
      },
      {
        "db": "PACKETSTORM",
        "id": "175289"
      },
      {
        "db": "PACKETSTORM",
        "id": "175389"
      },
      {
        "db": "PACKETSTORM",
        "id": "175376"
      },
      {
        "db": "PACKETSTORM",
        "id": "175127"
      },
      {
        "db": "PACKETSTORM",
        "id": "175179"
      },
      {
        "db": "PACKETSTORM",
        "id": "175159"
      },
      {
        "db": "PACKETSTORM",
        "id": "176006"
      },
      {
        "db": "PACKETSTORM",
        "id": "178284"
      },
      {
        "db": "PACKETSTORM",
        "id": "179610"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-44487",
        "trust": 1.9
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2023/10/13/4",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2023/10/18/8",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2023/10/13/9",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2023/10/20/8",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2023/10/10/6",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2023/10/18/4",
        "trust": 1.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2023/10/19/6",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "175289",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "175389",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "175376",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "175127",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "175179",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "175159",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "176006",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "178284",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "179610",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "175289"
      },
      {
        "db": "PACKETSTORM",
        "id": "175389"
      },
      {
        "db": "PACKETSTORM",
        "id": "175376"
      },
      {
        "db": "PACKETSTORM",
        "id": "175127"
      },
      {
        "db": "PACKETSTORM",
        "id": "175179"
      },
      {
        "db": "PACKETSTORM",
        "id": "175159"
      },
      {
        "db": "PACKETSTORM",
        "id": "176006"
      },
      {
        "db": "PACKETSTORM",
        "id": "178284"
      },
      {
        "db": "PACKETSTORM",
        "id": "179610"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-44487"
      }
    ]
  },
  "id": "VAR-202310-0175",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.38473925200000003
  },
  "last_update_date": "2024-11-29T20:21:59.333000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-400",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-44487"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-44487"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
      },
      {
        "trust": 1.0,
        "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
      },
      {
        "trust": 1.0,
        "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
      },
      {
        "trust": 1.0,
        "url": "https://aws.amazon.com/security/security-bulletins/aws-2023-011/"
      },
      {
        "trust": 1.0,
        "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
      },
      {
        "trust": 1.0,
        "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
      },
      {
        "trust": 1.0,
        "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
      },
      {
        "trust": 1.0,
        "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
      },
      {
        "trust": 1.0,
        "url": "https://blog.vespa.ai/cve-2023-44487/"
      },
      {
        "trust": 1.0,
        "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
      },
      {
        "trust": 1.0,
        "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
      },
      {
        "trust": 1.0,
        "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
      },
      {
        "trust": 1.0,
        "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
      },
      {
        "trust": 1.0,
        "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
      },
      {
        "trust": 1.0,
        "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
      },
      {
        "trust": 1.0,
        "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
      },
      {
        "trust": 1.0,
        "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
      },
      {
        "trust": 1.0,
        "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
      },
      {
        "trust": 1.0,
        "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/azure/aks/issues/3947"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/kong/kong/discussions/11741"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/advisories/ghsa-qppj-fm5r-hxr3"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/advisories/ghsa-vx74-f528-fxqg"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/advisories/ghsa-xpw8-rcwv-8f8p"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/akka/akka-http/issues/4323"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/alibaba/tengine/issues/1872"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/apache/apisix/issues/10320"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/apache/httpd-site/pull/10"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#l1101-l1113"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/apache/trafficserver/pull/10564"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/arkrwn/poc/tree/main/cve-2023-44487"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/bcdannyboy/cve-2023-44487"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/caddyserver/caddy/issues/5877"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/dotnet/announcements/issues/277"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#l73"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/eclipse/jetty.project/issues/10679"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/envoyproxy/envoy/pull/30055"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/etcd-io/etcd/issues/16740"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/facebook/proxygen/pull/466"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/golang/go/issues/63417"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/grpc/grpc-go/pull/6703"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/h2o/h2o/pull/3291"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/h2o/h2o/security/advisories/ghsa-2m7v-gc89-fjqf"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/haproxy/haproxy/issues/2312"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/readme.md?plain=1#l239-l244"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/kazu-yamamoto/http2/issues/93"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/kubernetes/kubernetes/pull/121120"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/line/armeria/pull/5232"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/micrictor/http2-rst-stream"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/microsoft/cbl-mariner/pull/6381"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/nghttp2/nghttp2/pull/1961"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/ninenines/cowboy/issues/1615"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/nodejs/node/pull/50121"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/openresty/openresty/issues/930"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/projectcontour/contour/pull/5826"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
      },
      {
        "trust": 1.0,
        "url": "https://groups.google.com/g/golang-announce/c/innxdtcjzvo"
      },
      {
        "trust": 1.0,
        "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
      },
      {
        "trust": 1.0,
        "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2mbeppc36ubvozznaxfhklfgslcmn5li/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3n4nj7fr4x4fpzugntqapstvb2hb2y4a/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfqd3kuemfbhpapbglwqc34l4owl5haz/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/clb4tw7kalb3eeqwnwcn7ouiwwvwwcg2/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/e72t67updrxhidlo3oror25yamn4ggw5/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fna62q767cfafhbcdkynpbmzwb7twyvu/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ht7t2r4mqklif4odv4bdlparwfpcj5cz/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jmexy22bfg5q64hqcm5ck2q7kdkvv4ty/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ksegd2iwknuo3dwy4kqguqm5bisrwhqe/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lkyhszqfdnr7rsa7lhvlliaqmvycugbg/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lnmzjcdhgljjlxo4oxwjmtvqrnwoc7ul/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vsrdiv77hnkusm7sjc5bke5jshlhu2nk/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/we2i52rhnnu42px6nz2rbuhsffj2lvzx/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wlprq5twuqqxywbjm7ecydail2yvkiuh/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6qxn4orivf6xbw4wwfe7vnpvc74s45y/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xfoibb4yfichdm7ibop7pwxw3fx4hll2/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zb43remkrqr62njei7i5nq4fsxnlbkrt/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zlu6u2r2ic2k64ndpnmv55auao65maf4/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.w3.org/archives/public/ietf-http-wg/2023octdec/0025.html"
      },
      {
        "trust": 1.0,
        "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-october/s36q5hbxr7caimpllprsssyr4pcmwilk.html"
      },
      {
        "trust": 1.0,
        "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
      },
      {
        "trust": 1.0,
        "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
      },
      {
        "trust": 1.0,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-44487"
      },
      {
        "trust": 1.0,
        "url": "https://my.f5.com/manage/s/article/k000137106"
      },
      {
        "trust": 1.0,
        "url": "https://netty.io/news/2023/10/10/4-1-100-final.html"
      },
      {
        "trust": 1.0,
        "url": "https://news.ycombinator.com/item?id=37830987"
      },
      {
        "trust": 1.0,
        "url": "https://news.ycombinator.com/item?id=37830998"
      },
      {
        "trust": 1.0,
        "url": "https://news.ycombinator.com/item?id=37831062"
      },
      {
        "trust": 1.0,
        "url": "https://news.ycombinator.com/item?id=37837043"
      },
      {
        "trust": 1.0,
        "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
      },
      {
        "trust": 1.0,
        "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
      },
      {
        "trust": 1.0,
        "url": "https://security.gentoo.org/glsa/202311-09"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
      },
      {
        "trust": 1.0,
        "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
      },
      {
        "trust": 1.0,
        "url": "https://security.paloaltonetworks.com/cve-2023-44487"
      },
      {
        "trust": 1.0,
        "url": "https://tomcat.apache.org/security-10.html#fixed_in_apache_tomcat_10.1.14"
      },
      {
        "trust": 1.0,
        "url": "https://ubuntu.com/security/cve-2023-44487"
      },
      {
        "trust": 1.0,
        "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
      },
      {
        "trust": 1.0,
        "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
      },
      {
        "trust": 1.0,
        "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
      },
      {
        "trust": 1.0,
        "url": "https://www.debian.org/security/2023/dsa-5521"
      },
      {
        "trust": 1.0,
        "url": "https://www.debian.org/security/2023/dsa-5522"
      },
      {
        "trust": 1.0,
        "url": "https://www.debian.org/security/2023/dsa-5540"
      },
      {
        "trust": 1.0,
        "url": "https://www.debian.org/security/2023/dsa-5549"
      },
      {
        "trust": 1.0,
        "url": "https://www.debian.org/security/2023/dsa-5558"
      },
      {
        "trust": 1.0,
        "url": "https://www.debian.org/security/2023/dsa-5570"
      },
      {
        "trust": 1.0,
        "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
      },
      {
        "trust": 1.0,
        "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
      },
      {
        "trust": 1.0,
        "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
      },
      {
        "trust": 1.0,
        "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
      },
      {
        "trust": 1.0,
        "url": "https://www.phoronix.com/news/http2-rapid-reset-attack"
      },
      {
        "trust": 1.0,
        "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-003"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6020.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:6020"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6022.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:6022"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_6105.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:6105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5767.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:5767"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:5840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5840.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:5707"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5707.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7587.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2023:7587"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.3"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6754-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nghttp2/1.55.1-1ubuntu0.2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-28182"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:4631"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-28948"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-45648"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-3064"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-46175"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-41080"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-39325"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-45288"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/crw-6593"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/support/policy/updates/openshift#crw"
      },
      {
        "trust": 0.1,
        "url": "https://devfile.io/docs/2.2.0/migrating-to-devfile-v2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4631.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-21698"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2022-3064"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2023-6378"
      }
    ],
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "175289"
      },
      {
        "db": "PACKETSTORM",
        "id": "175389"
      },
      {
        "db": "PACKETSTORM",
        "id": "175376"
      },
      {
        "db": "PACKETSTORM",
        "id": "175127"
      },
      {
        "db": "PACKETSTORM",
        "id": "175179"
      },
      {
        "db": "PACKETSTORM",
        "id": "175159"
      },
      {
        "db": "PACKETSTORM",
        "id": "176006"
      },
      {
        "db": "PACKETSTORM",
        "id": "178284"
      },
      {
        "db": "PACKETSTORM",
        "id": "179610"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-44487"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "PACKETSTORM",
        "id": "175289"
      },
      {
        "db": "PACKETSTORM",
        "id": "175389"
      },
      {
        "db": "PACKETSTORM",
        "id": "175376"
      },
      {
        "db": "PACKETSTORM",
        "id": "175127"
      },
      {
        "db": "PACKETSTORM",
        "id": "175179"
      },
      {
        "db": "PACKETSTORM",
        "id": "175159"
      },
      {
        "db": "PACKETSTORM",
        "id": "176006"
      },
      {
        "db": "PACKETSTORM",
        "id": "178284"
      },
      {
        "db": "PACKETSTORM",
        "id": "179610"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-44487"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-10-24T15:51:35",
        "db": "PACKETSTORM",
        "id": "175289"
      },
      {
        "date": "2023-10-30T12:35:16",
        "db": "PACKETSTORM",
        "id": "175389"
      },
      {
        "date": "2023-10-27T12:55:12",
        "db": "PACKETSTORM",
        "id": "175376"
      },
      {
        "date": "2023-10-17T15:40:07",
        "db": "PACKETSTORM",
        "id": "175127"
      },
      {
        "date": "2023-10-18T16:28:09",
        "db": "PACKETSTORM",
        "id": "175179"
      },
      {
        "date": "2023-10-18T16:22:55",
        "db": "PACKETSTORM",
        "id": "175159"
      },
      {
        "date": "2023-11-30T12:38:58",
        "db": "PACKETSTORM",
        "id": "176006"
      },
      {
        "date": "2024-04-26T15:13:40",
        "db": "PACKETSTORM",
        "id": "178284"
      },
      {
        "date": "2024-07-19T13:36:35",
        "db": "PACKETSTORM",
        "id": "179610"
      },
      {
        "date": "2023-10-10T14:15:10.883000",
        "db": "NVD",
        "id": "CVE-2023-44487"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-08-14T19:57:18.860000",
        "db": "NVD",
        "id": "CVE-2023-44487"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "178284"
      }
    ],
    "trust": 0.1
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat Security Advisory 2023-6020-01",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "175289"
      }
    ],
    "trust": 0.1
  }
}

var-202001-0123
Vulnerability from variot

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from a program's inability to handle memory objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2020:0134-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0134 Issue date: 2020-01-16 CVE Names: CVE-2020-0602 CVE-2020-0603 ==================================================================== 1. Summary:

An update for rh-dotnet30-dotnet and rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.0.102, .NET Core Runtime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1.

Security Fixes:

  • dotnet: Memory Corruption in SignalR (CVE-2020-0603)

  • dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602)

Users must rebuild their applications to pick up the fixes.

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1787151 - Update .NET Core 3.0 to Runtime 3.0.2 and SDK 3.0.102 1787174 - Update .NET Core 3.1 to Runtime 3.1.1 and SDK 3.1.101 1789623 - CVE-2020-0602 dotnet: Denial of service via backpressure issue 1789624 - CVE-2020-0603 dotnet: Memory Corruption in SignalR

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm

x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm

x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm

x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2020-0602 https://access.redhat.com/security/cve/CVE-2020-0603 https://access.redhat.com/security/updates/classification/#critical

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXiCQQ9zjgjWX9erEAQiA5g//U9AGfQhzgzrIja7zNdstcP61hqUbWM+j F2E4FpcJCJgjV3uDli4HsH6sIuzuKV5pVLhvNdbrAMSDJgOaWNJ+Otvmve0yPvY6 KjhAPMQnBjsJE5eUia6ZEIzhvjcHVwVbHQJrqIwLjvBrwHeo6fVWd/IHentdmM+3 FIh6uqClbh434gyq4Oi2MpTJ6G6z0+/siaA/tq4qubWJCtEWLfEXXhWsUL4ye59B edz+0qB0MYi2ZpgJtk0A8RRxtwcVN6KD+SnV2g25XjqwDNBhAfO3AlB1x0Mzo7HQ 2tcWLTpJPtYm8sZFZLOKAGm1hvTJhFnu4Vc5oL7b6paJYsU2Ud9URbakwiiiwzV+ XXLdMmvL63JVeP+cFWkqgI/UR8sdbaXrKFjJcnxNiUklPrrUIx3rq/E1yzCgqwMI M3RakcXDqCsaojoOAy/AMkPH1J2r8vyz08JTLC6Ik54m4Dz7/wGILwuVKXLuR1bM L6oLLZNrc5oxK4VM7Zb0IHaAeK/cOvxQWhglOPkDV4Got721TputjBeIEj8xiHc1 2s5zmndzaUfXm+PoqnFsfGggRErFLXaqwSpRWT2vn2MOXbrEbpPjmJs55tLXABhw 8DI+gmgFRHhE6A4yqvJMzaJGZCsCtUWWXowQEhiCNaymG9Kgx4BkRLNj2Mc15mOK EuYGFNW4Ux4\xadZz -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0123",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "microsoft",
        "version": "3.0"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "microsoft",
        "version": "3.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "8.0"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "redhat",
        "version": "8.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "none"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "eus"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001109"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-470"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0603"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001109"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155977"
      },
      {
        "db": "PACKETSTORM",
        "id": "155981"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-470"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2020-0603",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-0603",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2020-16653",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-0603",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-0603",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-0603",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-0603",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-16653",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-470",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001109"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-470"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0603"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from a program\u0027s inability to handle memory objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update\nAdvisory ID:       RHSA-2020:0134-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:0134\nIssue date:        2020-01-16\nCVE Names:         CVE-2020-0602 CVE-2020-0603\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet30-dotnet and rh-dotnet31-dotnet is now available\nfor .NET Core on Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core SDK 3.0.102, .NET Core\nRuntime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1. \n\nSecurity Fixes:\n\n* dotnet: Memory Corruption in SignalR (CVE-2020-0603)\n\n* dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602)\n\nUsers must rebuild their applications to pick up the fixes. \n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1787151 - Update .NET Core 3.0 to Runtime 3.0.2 and SDK 3.0.102\n1787174 - Update .NET Core 3.1 to Runtime 3.1.1 and SDK 3.1.101\n1789623 - CVE-2020-0602 dotnet: Denial of service via backpressure issue\n1789624 - CVE-2020-0603 dotnet: Memory Corruption in SignalR\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet30-dotnet-3.0.102-3.el7.src.rpm\n\nx86_64:\nrh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.101-4.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet30-dotnet-3.0.102-3.el7.src.rpm\n\nx86_64:\nrh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.101-4.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet30-dotnet-3.0.102-3.el7.src.rpm\n\nx86_64:\nrh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm\nrh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm\nrh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.101-4.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-0602\nhttps://access.redhat.com/security/cve/CVE-2020-0603\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXiCQQ9zjgjWX9erEAQiA5g//U9AGfQhzgzrIja7zNdstcP61hqUbWM+j\nF2E4FpcJCJgjV3uDli4HsH6sIuzuKV5pVLhvNdbrAMSDJgOaWNJ+Otvmve0yPvY6\nKjhAPMQnBjsJE5eUia6ZEIzhvjcHVwVbHQJrqIwLjvBrwHeo6fVWd/IHentdmM+3\nFIh6uqClbh434gyq4Oi2MpTJ6G6z0+/siaA/tq4qubWJCtEWLfEXXhWsUL4ye59B\nedz+0qB0MYi2ZpgJtk0A8RRxtwcVN6KD+SnV2g25XjqwDNBhAfO3AlB1x0Mzo7HQ\n2tcWLTpJPtYm8sZFZLOKAGm1hvTJhFnu4Vc5oL7b6paJYsU2Ud9URbakwiiiwzV+\nXXLdMmvL63JVeP+cFWkqgI/UR8sdbaXrKFjJcnxNiUklPrrUIx3rq/E1yzCgqwMI\nM3RakcXDqCsaojoOAy/AMkPH1J2r8vyz08JTLC6Ik54m4Dz7/wGILwuVKXLuR1bM\nL6oLLZNrc5oxK4VM7Zb0IHaAeK/cOvxQWhglOPkDV4Got721TputjBeIEj8xiHc1\n2s5zmndzaUfXm+PoqnFsfGggRErFLXaqwSpRWT2vn2MOXbrEbpPjmJs55tLXABhw\n8DI+gmgFRHhE6A4yqvJMzaJGZCsCtUWWXowQEhiCNaymG9Kgx4BkRLNj2Mc15mOK\nEuYGFNW4Ux4\\xadZz\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-0603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001109"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-16653"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-470"
      },
      {
        "db": "PACKETSTORM",
        "id": "155977"
      },
      {
        "db": "PACKETSTORM",
        "id": "155981"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-0603",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001109",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "155981",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-16653",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0186",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-470",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "155977",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001109"
      },
      {
        "db": "PACKETSTORM",
        "id": "155977"
      },
      {
        "db": "PACKETSTORM",
        "id": "155981"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-470"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0603"
      }
    ]
  },
  "id": "VAR-202001-0123",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16653"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16653"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:33:37.569000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "RHSA-2020:0130",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/RHSA-2020:0130"
      },
      {
        "title": "RHSA-2020:0134",
        "trust": 0.8,
        "url": "https://access.redhat.com/errata/RHSA-2020:0134"
      },
      {
        "title": "CVE-2020-0603 | ASP.NET Core Remote Code Execution Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
      },
      {
        "title": "CVE-2020-0603 | ASP.NET Core \u306e\u30ea\u30e2\u30fc\u30c8\u3067\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0603"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core remote code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/208309"
      },
      {
        "title": "Microsoft ASP.NET Core Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108468"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001109"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-470"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001109"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0603"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://access.redhat.com/errata/rhsa-2020:0130"
      },
      {
        "trust": 2.3,
        "url": "https://access.redhat.com/errata/rhsa-2020:0134"
      },
      {
        "trust": 2.2,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0603"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0603"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0603"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2020/at200001.html"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-0603"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0186/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155981/red-hat-security-advisory-2020-0134-01.html"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-0602"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0602"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001109"
      },
      {
        "db": "PACKETSTORM",
        "id": "155977"
      },
      {
        "db": "PACKETSTORM",
        "id": "155981"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-470"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0603"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-16653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001109"
      },
      {
        "db": "PACKETSTORM",
        "id": "155977"
      },
      {
        "db": "PACKETSTORM",
        "id": "155981"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-470"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-0603"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-16653"
      },
      {
        "date": "2020-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-001109"
      },
      {
        "date": "2020-01-16T16:43:31",
        "db": "PACKETSTORM",
        "id": "155977"
      },
      {
        "date": "2020-01-16T16:45:15",
        "db": "PACKETSTORM",
        "id": "155981"
      },
      {
        "date": "2020-01-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-470"
      },
      {
        "date": "2020-01-14T23:15:30.347000",
        "db": "NVD",
        "id": "CVE-2020-0603"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-16653"
      },
      {
        "date": "2020-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-001109"
      },
      {
        "date": "2020-01-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-470"
      },
      {
        "date": "2024-11-21T04:53:50.333000",
        "db": "NVD",
        "id": "CVE-2020-0603"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-470"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core Remote code execution vulnerability in software",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-001109"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-470"
      }
    ],
    "trust": 0.6
  }
}

var-202308-2521
Vulnerability from variot

ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2521",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": ".net",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.2.18"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.2.0"
      },
      {
        "model": ".net",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.10"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4.10"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1.40"
      },
      {
        "model": ".net",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.0"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6.6"
      },
      {
        "model": ".net",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.21"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.2"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.4"
      },
      {
        "model": ".net",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "asp.net core",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.6"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002803"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-35391"
      }
    ]
  },
  "cve": "CVE-2023-35391",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2023-35391",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "secure@microsoft.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.5,
            "id": "CVE-2023-35391",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-35391",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-35391",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2023-35391",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-35391",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002803"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-35391"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-35391"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-35391"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002803"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-35391",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU93250330",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-24-165-04",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002803",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002803"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-35391"
      }
    ]
  },
  "id": "VAR-202308-2521",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-08-14T12:19:56.632000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ASP.NET\u00a0Core\u00a0SignalR\u00a0and\u00a0Visual\u00a0Studio\u00a0Information\u00a0Disclosure\u00a0Vulnerability Security Update Guide",
        "trust": 0.8,
        "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35391"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002803"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002803"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-35391"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.0,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-35391"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93250330/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-35391"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/security-alert/2023/0809-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2023/at230016.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-04"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002803"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-35391"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002803"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-35391"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-002803"
      },
      {
        "date": "2023-08-08T19:15:09.940000",
        "db": "NVD",
        "id": "CVE-2023-35391"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-06-17T08:43:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-002803"
      },
      {
        "date": "2023-11-06T23:15:10.237000",
        "db": "NVD",
        "id": "CVE-2023-35391"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Microsoft\u00a0 A vulnerability in which information is disclosed in a product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002803"
      }
    ],
    "trust": 0.8
  }
}

var-202402-1535
Vulnerability from variot

.NET Denial of Service Vulnerability. Microsoft's Microsoft Visual Studio and ASP.NET Core for, .NET Service operation is interrupted due to a defect in (DoS) A state vulnerability exists.Service operation interruption (DoS) It may be in a state.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0814.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

  • Packet Storm Staff

==================================================================== Red Hat Security Advisory

Synopsis: Important: .NET 6.0 security, bug fix, and enhancement update Advisory ID: RHSA-2024:0814-03 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2024:0814 Issue date: 2024-02-14 Revision: 03 CVE Names: CVE-2024-21386 ====================================================================

Summary:

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.127 and .NET Runtime 6.0.27.

The following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.127). (BZ#2262321)

Security Fix(es):

  • dotnet: Denial of Service in SignalR server (CVE-2024-21386)

  • dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-21386

References:

https://access.redhat.com/security/updates/classification/#important https://bugzilla.redhat.com/show_bug.cgi?id=2263085 https://bugzilla.redhat.com/show_bug.cgi?id=2263086

. ========================================================================== Ubuntu Security Notice USN-6634-1 February 13, 2024

dotnet6, dotnet7, dotnet8 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.10
  • Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in .NET.

Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime - dotnet8: dotNET CLI tools and runtime

Details:

Brennan Conroy discovered that .NET with SignalR did not properly handle malicious clients. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21386)

Bahaa Naamneh discovered that .NET with OpenSSL support did not properly parse X509 certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21404)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10: aspnetcore-runtime-6.0 6.0.127-0ubuntu1~23.10.1 aspnetcore-runtime-7.0 7.0.116-0ubuntu1~23.10.1 aspnetcore-runtime-8.0 8.0.2-0ubuntu1~23.10.1 dotnet-host 6.0.127-0ubuntu1~23.10.1 dotnet-host-7.0 7.0.116-0ubuntu1~23.10.1 dotnet-host-8.0 8.0.2-0ubuntu1~23.10.1 dotnet-hostfxr-6.0 6.0.127-0ubuntu1~23.10.1 dotnet-hostfxr-7.0 7.0.116-0ubuntu1~23.10.1 dotnet-hostfxr-8.0 8.0.2-0ubuntu1~23.10.1 dotnet-runtime-6.0 6.0.127-0ubuntu1~23.10.1 dotnet-runtime-7.0 7.0.116-0ubuntu1~23.10.1 dotnet-runtime-8.0 8.0.2-0ubuntu1~23.10.1 dotnet-sdk-6.0 6.0.127-0ubuntu1~23.10.1 dotnet-sdk-7.0 7.0.116-0ubuntu1~23.10.1 dotnet-sdk-8.0 8.0.102-0ubuntu1~23.10.1 dotnet6 6.0.127-0ubuntu1~23.10.1 dotnet7 7.0.116-0ubuntu1~23.10.1 dotnet8 8.0.102-8.0.2-0ubuntu1~23.10.1

Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.127-0ubuntu1~22.04.1 aspnetcore-runtime-7.0 7.0.116-0ubuntu1~22.04.1 aspnetcore-runtime-8.0 8.0.2-0ubuntu1~22.04.1 dotnet-host 6.0.127-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.116-0ubuntu1~22.04.1 dotnet-host-8.0 8.0.2-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.127-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.116-0ubuntu1~22.04.1 dotnet-hostfxr-8.0 8.0.2-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.127-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.116-0ubuntu1~22.04.1 dotnet-runtime-8.0 8.0.2-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.127-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.116-0ubuntu1~22.04.1 dotnet-sdk-8.0 8.0.102-0ubuntu1~22.04.1 dotnet6 6.0.127-0ubuntu1~22.04.1 dotnet7 7.0.116-0ubuntu1~22.04.1 dotnet8 8.0.102-8.0.2-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202402-1535",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.0"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.16"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4.16"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6.0.27"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0.0"
      },
      {
        "model": "asp.net core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "8.0.2"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.8.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.6.12"
      },
      {
        "model": "visual studio 2022",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.8.7"
      },
      {
        "model": "asp.net core",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "8.0.0"
      },
      {
        "model": "visual studio 2022",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "17.4.0"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.4"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.8"
      },
      {
        "model": "microsoft visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": "2022   17.6"
      },
      {
        "model": "asp.net core",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002866"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-21386"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "177137"
      },
      {
        "db": "PACKETSTORM",
        "id": "177124"
      },
      {
        "db": "PACKETSTORM",
        "id": "177122"
      },
      {
        "db": "PACKETSTORM",
        "id": "177121"
      },
      {
        "db": "PACKETSTORM",
        "id": "177120"
      },
      {
        "db": "PACKETSTORM",
        "id": "177119"
      },
      {
        "db": "PACKETSTORM",
        "id": "177155"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2024-21386",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "secure@microsoft.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2024-21386",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2024-002866",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2024-21386",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2024-002866",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002866"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-21386"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": ".NET Denial of Service Vulnerability. Microsoft\u0027s Microsoft Visual Studio and ASP.NET Core for, .NET Service operation is interrupted due to a defect in (DoS) A state vulnerability exists.Service operation interruption (DoS) It may be in a state. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0814.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis:           Important: .NET 6.0 security, bug fix, and enhancement update\nAdvisory ID:        RHSA-2024:0814-03\nProduct:            .NET Core on Red Hat Enterprise Linux\nAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0814\nIssue date:         2024-02-14\nRevision:           03\nCVE Names:          CVE-2024-21386\n====================================================================\n\nSummary: \n\nAn update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\n.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.127 and .NET Runtime 6.0.27. \n\nThe following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.127). (BZ#2262321)\n\nSecurity Fix(es):\n\n* dotnet: Denial of Service in SignalR server (CVE-2024-21386)\n\n* dotnet: Denial of Service in X509Certificate2 (CVE-2024-21404)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\n\nSolution:\n\nhttps://access.redhat.com/articles/11258\n\n\n\nCVEs:\n\nCVE-2024-21386\n\nReferences:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2263085\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2263086\n\n. ==========================================================================\nUbuntu Security Notice USN-6634-1\nFebruary 13, 2024\n\ndotnet6, dotnet7, dotnet8 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in .NET. \n\nSoftware Description:\n- dotnet6: dotNET CLI tools and runtime\n- dotnet7: dotNET CLI tools and runtime\n- dotnet8: dotNET CLI tools and runtime\n\nDetails:\n\nBrennan Conroy discovered that .NET with SignalR did not properly\nhandle malicious clients. An attacker could possibly use this issue\nto cause a denial of service. (CVE-2024-21386)\n\nBahaa Naamneh discovered that .NET with OpenSSL support did not\nproperly parse X509 certificates. An attacker could possibly use\nthis issue to cause a denial of service. (CVE-2024-21404)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n   aspnetcore-runtime-6.0          6.0.127-0ubuntu1~23.10.1\n   aspnetcore-runtime-7.0          7.0.116-0ubuntu1~23.10.1\n   aspnetcore-runtime-8.0          8.0.2-0ubuntu1~23.10.1\n   dotnet-host                     6.0.127-0ubuntu1~23.10.1\n   dotnet-host-7.0                 7.0.116-0ubuntu1~23.10.1\n   dotnet-host-8.0                 8.0.2-0ubuntu1~23.10.1\n   dotnet-hostfxr-6.0              6.0.127-0ubuntu1~23.10.1\n   dotnet-hostfxr-7.0              7.0.116-0ubuntu1~23.10.1\n   dotnet-hostfxr-8.0              8.0.2-0ubuntu1~23.10.1\n   dotnet-runtime-6.0              6.0.127-0ubuntu1~23.10.1\n   dotnet-runtime-7.0              7.0.116-0ubuntu1~23.10.1\n   dotnet-runtime-8.0              8.0.2-0ubuntu1~23.10.1\n   dotnet-sdk-6.0                  6.0.127-0ubuntu1~23.10.1\n   dotnet-sdk-7.0                  7.0.116-0ubuntu1~23.10.1\n   dotnet-sdk-8.0                  8.0.102-0ubuntu1~23.10.1\n   dotnet6                         6.0.127-0ubuntu1~23.10.1\n   dotnet7                         7.0.116-0ubuntu1~23.10.1\n   dotnet8                         8.0.102-8.0.2-0ubuntu1~23.10.1\n\nUbuntu 22.04 LTS:\n   aspnetcore-runtime-6.0          6.0.127-0ubuntu1~22.04.1\n   aspnetcore-runtime-7.0          7.0.116-0ubuntu1~22.04.1\n   aspnetcore-runtime-8.0          8.0.2-0ubuntu1~22.04.1\n   dotnet-host                     6.0.127-0ubuntu1~22.04.1\n   dotnet-host-7.0                 7.0.116-0ubuntu1~22.04.1\n   dotnet-host-8.0                 8.0.2-0ubuntu1~22.04.1\n   dotnet-hostfxr-6.0              6.0.127-0ubuntu1~22.04.1\n   dotnet-hostfxr-7.0              7.0.116-0ubuntu1~22.04.1\n   dotnet-hostfxr-8.0              8.0.2-0ubuntu1~22.04.1\n   dotnet-runtime-6.0              6.0.127-0ubuntu1~22.04.1\n   dotnet-runtime-7.0              7.0.116-0ubuntu1~22.04.1\n   dotnet-runtime-8.0              8.0.2-0ubuntu1~22.04.1\n   dotnet-sdk-6.0                  6.0.127-0ubuntu1~22.04.1\n   dotnet-sdk-7.0                  7.0.116-0ubuntu1~22.04.1\n   dotnet-sdk-8.0                  8.0.102-0ubuntu1~22.04.1\n   dotnet6                         6.0.127-0ubuntu1~22.04.1\n   dotnet7                         7.0.116-0ubuntu1~22.04.1\n   dotnet8                         8.0.102-8.0.2-0ubuntu1~22.04.1\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-21386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002866"
      },
      {
        "db": "VULMON",
        "id": "CVE-2024-21386"
      },
      {
        "db": "PACKETSTORM",
        "id": "177137"
      },
      {
        "db": "PACKETSTORM",
        "id": "177124"
      },
      {
        "db": "PACKETSTORM",
        "id": "177122"
      },
      {
        "db": "PACKETSTORM",
        "id": "177121"
      },
      {
        "db": "PACKETSTORM",
        "id": "177120"
      },
      {
        "db": "PACKETSTORM",
        "id": "177119"
      },
      {
        "db": "PACKETSTORM",
        "id": "177110"
      },
      {
        "db": "PACKETSTORM",
        "id": "177155"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-21386",
        "trust": 3.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002866",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2024-21386",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177137",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177124",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177122",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177121",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177120",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177119",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177110",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "177155",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2024-21386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002866"
      },
      {
        "db": "PACKETSTORM",
        "id": "177137"
      },
      {
        "db": "PACKETSTORM",
        "id": "177124"
      },
      {
        "db": "PACKETSTORM",
        "id": "177122"
      },
      {
        "db": "PACKETSTORM",
        "id": "177121"
      },
      {
        "db": "PACKETSTORM",
        "id": "177120"
      },
      {
        "db": "PACKETSTORM",
        "id": "177119"
      },
      {
        "db": "PACKETSTORM",
        "id": "177110"
      },
      {
        "db": "PACKETSTORM",
        "id": "177155"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-21386"
      }
    ]
  },
  "id": "VAR-202402-1535",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19172932
  },
  "last_update_date": "2024-08-14T14:09:34.001000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": ".NET\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
        "trust": 0.8,
        "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21386"
      },
      {
        "title": "Red Hat: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2024-21386"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2024-21386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002866"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-400",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002866"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-21386"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-21386"
      },
      {
        "trust": 1.1,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2024-21386"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/security-alert/2023/0214-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2024/at240006.html"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263086"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2024-21386"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0827.json"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/rhel-23939"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:0827"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:0814"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0814.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:0808"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0808.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:0807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0807.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0806.json"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:0806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:0805"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0805.json"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6634-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet8/8.0.102-8.0.2-0ubuntu1~23.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.116-0ubuntu1~23.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-21404"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.127-0ubuntu1~22.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet8/8.0.102-8.0.2-0ubuntu1~22.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet7/7.0.116-0ubuntu1~22.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dotnet6/6.0.127-0ubuntu1~23.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2024:0848"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0848.json"
      },
      {
        "trust": 0.1,
        "url": "https://issues.redhat.com/browse/rhel-23938"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2024-21386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002866"
      },
      {
        "db": "PACKETSTORM",
        "id": "177137"
      },
      {
        "db": "PACKETSTORM",
        "id": "177124"
      },
      {
        "db": "PACKETSTORM",
        "id": "177122"
      },
      {
        "db": "PACKETSTORM",
        "id": "177121"
      },
      {
        "db": "PACKETSTORM",
        "id": "177120"
      },
      {
        "db": "PACKETSTORM",
        "id": "177119"
      },
      {
        "db": "PACKETSTORM",
        "id": "177110"
      },
      {
        "db": "PACKETSTORM",
        "id": "177155"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-21386"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2024-21386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002866"
      },
      {
        "db": "PACKETSTORM",
        "id": "177137"
      },
      {
        "db": "PACKETSTORM",
        "id": "177124"
      },
      {
        "db": "PACKETSTORM",
        "id": "177122"
      },
      {
        "db": "PACKETSTORM",
        "id": "177121"
      },
      {
        "db": "PACKETSTORM",
        "id": "177120"
      },
      {
        "db": "PACKETSTORM",
        "id": "177119"
      },
      {
        "db": "PACKETSTORM",
        "id": "177110"
      },
      {
        "db": "PACKETSTORM",
        "id": "177155"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-21386"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-02-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2024-21386"
      },
      {
        "date": "2024-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-002866"
      },
      {
        "date": "2024-02-15T15:12:47",
        "db": "PACKETSTORM",
        "id": "177137"
      },
      {
        "date": "2024-02-14T15:09:06",
        "db": "PACKETSTORM",
        "id": "177124"
      },
      {
        "date": "2024-02-14T15:08:50",
        "db": "PACKETSTORM",
        "id": "177122"
      },
      {
        "date": "2024-02-14T15:08:43",
        "db": "PACKETSTORM",
        "id": "177121"
      },
      {
        "date": "2024-02-14T15:08:33",
        "db": "PACKETSTORM",
        "id": "177120"
      },
      {
        "date": "2024-02-14T15:08:24",
        "db": "PACKETSTORM",
        "id": "177119"
      },
      {
        "date": "2024-02-14T15:06:51",
        "db": "PACKETSTORM",
        "id": "177110"
      },
      {
        "date": "2024-02-16T14:54:59",
        "db": "PACKETSTORM",
        "id": "177155"
      },
      {
        "date": "2024-02-13T18:15:56.737000",
        "db": "NVD",
        "id": "CVE-2024-21386"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-02-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2024-21386"
      },
      {
        "date": "2024-02-28T01:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-002866"
      },
      {
        "date": "2024-05-29T00:15:31.847000",
        "db": "NVD",
        "id": "CVE-2024-21386"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft\u0027s \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 and \u00a0ASP.NET\u00a0Core\u00a0 Service operation interruption in \u00a0(DoS)\u00a0 Vulnerability Stated",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-002866"
      }
    ],
    "trust": 0.8
  }
}

var-202008-0730
Vulnerability from variot

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. (DoS) Vulnerability exists. Microsoft ASP.NET Core is a cross-platform open source framework developed by Microsoft (Microsoft). The framework is used to build cloud-based applications such as web apps, IoT apps, and mobile backends. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: .NET Core 3.1 security and bugfix update for Red Hat Enterprise Linux Advisory ID: RHSA-2020:3421-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3421 Issue date: 2020-08-11 CVE Names: CVE-2020-1597 ==================================================================== 1. Summary:

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

  1. Description:

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.107 and .NET Core Runtime 3.1.7.

Security Fix(es):

  • .NET Core: ASP.NET Core Resource Consumption Denial of Service (CVE-2020-1597)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):

Source: rh-dotnet31-dotnet-3.1.107-1.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.107-1.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.107-1.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.107-1.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.107-1.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.107-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):

Source: rh-dotnet31-dotnet-3.1.107-1.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.107-1.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.107-1.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.107-1.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.107-1.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.107-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-dotnet31-dotnet-3.1.107-1.el7.src.rpm

x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.107-1.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.107-1.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.107-1.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.7-1.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.107-1.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.107-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2020-1597 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXzMAFtzjgjWX9erEAQh5+A//UsOtJULqbwQ9oex9IgLFzc5KgpktYzAP Ug/yYUgoTVuwLSYEg5/BtIG4lf0loJAfDHEE1UhBvR4DHthRz+50cR5lF6fCBCYr RUYSMibbPMM6bb3/1K+El1KeBvA41bd04HYO8KbzhSSFR+JmCYMTDwl7sNiwQ4NB a5lYJYRl56j0Z/AxgXBzdme4lt6ETNMbfN0rYoSgYnPcnIeBICSvyfcd6TnX4HOq PuZgvPW+dxBDK5/wumEj7dOX2r3U9ClCc9qva2vKw8aLywrIs3eYdG07wh2HdwME FF+M5mxYNdrrIBnkYNk0CvjFSk7cWUmLMae1vqLlwjq7rBE1MUJ+RXXRV3WKkiCv 33l0er8L7hCkUIL5VQz0l3TeGcT6ITF8iO4K61xNBNXzwEOfvB161pSQp0SjVUxi AKdwxTj9m9KH4zt5lkfvfMP5a3VLQiws7i3XTG5/iBxOySVdBT+bkUizDFPVLS2C VPs8g7cZ8QvGplFzS1Y2I8nHS7K0+dBSajJQ381BmsugQOxv3u+zqG3SQ0Wxvw5M eSdTxn3k5SXfyEh9r2tUAtHF23751NEEc1RbIkDIBAa2TQee+jh//EHHiX0B2LRi 9Av6kgzXUkdnoIa9di6s5tixPwIv5Oma4cQpV6cfGujzBhuKp23yFlBJU/Olm6a7 /7QsembAUTw=Sbg6 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0730",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "2.1"
      },
      {
        "model": "asp.net core",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "3.1"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "model": "visual studio 2019",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.5"
      },
      {
        "model": "visual studio 2017",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "15.0"
      },
      {
        "model": "visual studio 2019",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "model": "visual studio 2019",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.6"
      },
      {
        "model": "visual studio 2019",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "16.3"
      },
      {
        "model": "visual studio 2017",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "15.8"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2017 version 15.9 (includes 15.0 - 15.8)"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2019 version 16.0"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2019 version 16.4 (includes 16.0 - 16.3)"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2019 version 16.7 (includes 16.0 - 16.6)"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "201916.0"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "2017\u003e=15.0,\u003c=15.8"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "2019\u003e=16.0,\u003c=16.3"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "2019\u003e=16.0,\u003c=16.6"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008495"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1597"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net_core",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:visual_studio",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008495"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "158838"
      },
      {
        "db": "PACKETSTORM",
        "id": "158837"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-476"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2020-1597",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-1597",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008495",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-57801",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-1597",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-008495",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-1597",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-008495",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-57801",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202008-476",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-476"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1597"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. \nA remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. \nThe update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. (DoS) Vulnerability exists. Microsoft ASP.NET Core is a cross-platform open source framework developed by Microsoft (Microsoft). The framework is used to build cloud-based applications such as web apps, IoT apps, and mobile backends. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: .NET Core 3.1 security and bugfix update for Red Hat Enterprise Linux\nAdvisory ID:       RHSA-2020:3421-01\nProduct:           .NET Core on Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:3421\nIssue date:        2020-08-11\nCVE Names:         CVE-2020-1597\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nNew versions of .NET Core that address a security vulnerability are now\navailable. The updated versions are .NET Core SDK 3.1.107 and .NET Core\nRuntime 3.1.7. \n\nSecurity Fix(es):\n\n* .NET Core: ASP.NET Core Resource Consumption Denial of Service\n(CVE-2020-1597)\n\nDefault inclusions for applications built with .NET Core have been updated\nto reference the newest versions and their security fixes. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.107-1.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.107-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.107-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.107-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.107-1.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.107-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.107-1.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.107-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.107-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.107-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.107-1.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.107-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.107-1.el7.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-3.1.107-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.107-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.107-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.7-1.el7.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.107-1.el7.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.107-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1597\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXzMAFtzjgjWX9erEAQh5+A//UsOtJULqbwQ9oex9IgLFzc5KgpktYzAP\nUg/yYUgoTVuwLSYEg5/BtIG4lf0loJAfDHEE1UhBvR4DHthRz+50cR5lF6fCBCYr\nRUYSMibbPMM6bb3/1K+El1KeBvA41bd04HYO8KbzhSSFR+JmCYMTDwl7sNiwQ4NB\na5lYJYRl56j0Z/AxgXBzdme4lt6ETNMbfN0rYoSgYnPcnIeBICSvyfcd6TnX4HOq\nPuZgvPW+dxBDK5/wumEj7dOX2r3U9ClCc9qva2vKw8aLywrIs3eYdG07wh2HdwME\nFF+M5mxYNdrrIBnkYNk0CvjFSk7cWUmLMae1vqLlwjq7rBE1MUJ+RXXRV3WKkiCv\n33l0er8L7hCkUIL5VQz0l3TeGcT6ITF8iO4K61xNBNXzwEOfvB161pSQp0SjVUxi\nAKdwxTj9m9KH4zt5lkfvfMP5a3VLQiws7i3XTG5/iBxOySVdBT+bkUizDFPVLS2C\nVPs8g7cZ8QvGplFzS1Y2I8nHS7K0+dBSajJQ381BmsugQOxv3u+zqG3SQ0Wxvw5M\neSdTxn3k5SXfyEh9r2tUAtHF23751NEEc1RbIkDIBAa2TQee+jh//EHHiX0B2LRi\n9Av6kgzXUkdnoIa9di6s5tixPwIv5Oma4cQpV6cfGujzBhuKp23yFlBJU/Olm6a7\n/7QsembAUTw=Sbg6\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1597"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008495"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-57801"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-476"
      },
      {
        "db": "PACKETSTORM",
        "id": "158838"
      },
      {
        "db": "PACKETSTORM",
        "id": "158837"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-1597",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008495",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "158838",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-57801",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2753",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "48240",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-476",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "158837",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008495"
      },
      {
        "db": "PACKETSTORM",
        "id": "158838"
      },
      {
        "db": "PACKETSTORM",
        "id": "158837"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-476"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1597"
      }
    ]
  },
  "id": "VAR-202008-0730",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57801"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57801"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:51:23.633000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2020-1597 | ASP.NET Core Denial of Service Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1597"
      },
      {
        "title": "CVE-2020-1597 | ASP.NET Core \u306e\u30b5\u30fc\u30d3\u30b9\u62d2\u5426\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-1597"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2020-57801)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/237031"
      },
      {
        "title": "Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126208"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-476"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008495"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1597"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1597"
      },
      {
        "trust": 1.6,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1597"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zw4cbi26kso3prl3hlvvisxppoyuhsxo/"
      },
      {
        "trust": 1.0,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wh5fq5vt3jghxfxoethctbwjuiapghht/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1597"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20200812-ms.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2020/at200033.html"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2020-1597"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zw4cbi26kso3prl3hlvvisxppoyuhsxo/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wh5fq5vt3jghxfxoethctbwjuiapghht/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-denial-of-service-33056"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2753/"
      },
      {
        "trust": 0.6,
        "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2020-1597"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158838/red-hat-security-advisory-2020-3422-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-asp-net-core-denial-of-service-33059"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/48240"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3422"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3421"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008495"
      },
      {
        "db": "PACKETSTORM",
        "id": "158838"
      },
      {
        "db": "PACKETSTORM",
        "id": "158837"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-476"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1597"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-57801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008495"
      },
      {
        "db": "PACKETSTORM",
        "id": "158838"
      },
      {
        "db": "PACKETSTORM",
        "id": "158837"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-476"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1597"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-57801"
      },
      {
        "date": "2020-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008495"
      },
      {
        "date": "2020-08-11T21:16:48",
        "db": "PACKETSTORM",
        "id": "158838"
      },
      {
        "date": "2020-08-11T21:16:42",
        "db": "PACKETSTORM",
        "id": "158837"
      },
      {
        "date": "2020-08-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-476"
      },
      {
        "date": "2020-08-17T19:15:21.927000",
        "db": "NVD",
        "id": "CVE-2020-1597"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-57801"
      },
      {
        "date": "2020-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-008495"
      },
      {
        "date": "2022-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-476"
      },
      {
        "date": "2024-11-21T05:10:55.510000",
        "db": "NVD",
        "id": "CVE-2020-1597"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-476"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ASP.NET Core and  Microsoft Visual Studio Service operation interruption in  (DoS) Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-008495"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-476"
      }
    ],
    "trust": 0.6
  }
}

var-201705-3358
Vulnerability from variot

A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3358",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system.text.encodings.web",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.3.0"
      },
      {
        "model": "system.net.http",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.3.1"
      },
      {
        "model": "system.net.http.winhttphandler",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.3.0"
      },
      {
        "model": "system.net.security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.0"
      },
      {
        "model": "system.net.websockets.client",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.3.0"
      },
      {
        "model": "system.text.encodings.web",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.0"
      },
      {
        "model": "system.net.http.winhttphandler",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.1"
      },
      {
        "model": "system.net.websockets.client",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.0.0"
      },
      {
        "model": "system.net.security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.3.0"
      },
      {
        "model": "system.net.http",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "4.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.webapicompatshim",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.dataannotations",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.abstractions",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "asp.net model view controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.json",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.razor.host",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.apiexplorer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.cors",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.taghelpers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.2"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.1"
      },
      {
        "model": "microsoft.aspnetcore.mvc.localization",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.0"
      },
      {
        "model": "microsoft.aspnetcore.mvc.formatters.xml",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.0.3"
      },
      {
        "model": "microsoft.aspnetcore.mvc.viewfeatures",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "1.1.1"
      },
      {
        "model": "asp.net",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "core"
      },
      {
        "model": "asp.net core",
        "scope": null,
        "trust": 0.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "asp.net",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07322"
      },
      {
        "db": "BID",
        "id": "98116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-737"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0247"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:asp.net",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003293"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Fernandez of Sidertia Solutions",
    "sources": [
      {
        "db": "BID",
        "id": "98116"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-0247",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-0247",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-07322",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-0247",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-0247",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-0247",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-07322",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-737",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-0247",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07322"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-737"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0247"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-0247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003293"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07322"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-737"
      },
      {
        "db": "BID",
        "id": "98116"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0247"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-0247",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003293",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-07322",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-737",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "98116",
        "trust": 0.4
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0247",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07322"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0247"
      },
      {
        "db": "BID",
        "id": "98116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-737"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0247"
      }
    ]
  },
  "id": "VAR-201705-3358",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07322"
      }
    ],
    "trust": 0.79172932
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07322"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:17:57.022000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239",
        "trust": 0.8,
        "url": "https://github.com/aspnet/Announcements/issues/239"
      },
      {
        "title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/94177"
      },
      {
        "title": "Microsoft ASP.NET Core Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70331"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/dotnet/source-build-reference-packages "
      },
      {
        "title": "OssIndexClient",
        "trust": 0.1,
        "url": "https://github.com/SimonCropp/OssIndexClient "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07322"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-737"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003293"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0247"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://github.com/aspnet/announcements/issues/239"
      },
      {
        "trust": 1.7,
        "url": "https://www.sidertia.com/home/community/blog/2017/05/18/aspnet-core-unicode-non-char-encoding-dos"
      },
      {
        "trust": 1.7,
        "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0247"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0247"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.3,
        "url": "https://technet.microsoft.com/library/security/4021279.aspx"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/dotnet/source-build-reference-packages"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/98116"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/simoncropp/ossindexclient"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53814"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07322"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0247"
      },
      {
        "db": "BID",
        "id": "98116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-737"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0247"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-07322"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-0247"
      },
      {
        "db": "BID",
        "id": "98116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-737"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0247"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07322"
      },
      {
        "date": "2017-05-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-0247"
      },
      {
        "date": "2017-05-10T00:00:00",
        "db": "BID",
        "id": "98116"
      },
      {
        "date": "2017-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003293"
      },
      {
        "date": "2017-05-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-737"
      },
      {
        "date": "2017-05-12T14:29:03.910000",
        "db": "NVD",
        "id": "CVE-2017-0247"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-07322"
      },
      {
        "date": "2021-06-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-0247"
      },
      {
        "date": "2017-05-23T16:25:00",
        "db": "BID",
        "id": "98116"
      },
      {
        "date": "2017-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003293"
      },
      {
        "date": "2021-07-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-737"
      },
      {
        "date": "2024-11-21T03:02:37.353000",
        "db": "NVD",
        "id": "CVE-2017-0247"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-737"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft ASP.NET Core Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003293"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-737"
      }
    ],
    "trust": 0.6
  }
}