Action not permitted
Modal body text goes here.
cve-2017-11770
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://www.securityfocus.com/bid/101710 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | http://www.securitytracker.com/id/1039787 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | https://access.redhat.com/errata/RHSA-2017:3248 | Third Party Advisory | |
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101710 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039787 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:3248 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770 | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Microsoft Corporation | .NET Core |
Version: .NET Core 1.0, .NET Core 1.1, and .NET Core 2.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:19:38.755Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1039787", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039787" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770" }, { "name": "RHSA-2017:3248", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3248" }, { "name": "101710", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101710" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": ".NET Core", "vendor": "Microsoft Corporation", "versions": [ { "status": "affected", "version": ".NET Core 1.0, .NET Core 1.1, and .NET Core 2.0" } ] } ], "datePublic": "2017-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\"." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-01T21:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "1039787", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039787" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770" }, { "name": "RHSA-2017:3248", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3248" }, { "name": "101710", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101710" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "DATE_PUBLIC": "2017-11-14T00:00:00", "ID": "CVE-2017-11770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": ".NET Core", "version": { "version_data": [ { "version_value": ".NET Core 1.0, .NET Core 1.1, and .NET Core 2.0" } ] } } ] }, "vendor_name": "Microsoft Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\"." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "1039787", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039787" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770" }, { "name": "RHSA-2017:3248", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3248" }, { "name": "101710", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101710" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-11770", "datePublished": "2017-11-15T03:00:00Z", "dateReserved": "2017-07-31T00:00:00", "dateUpdated": "2024-09-16T22:41:39.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-11770\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2017-11-15T03:29:00.247\",\"lastModified\":\"2024-11-21T03:08:28.373\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \\\".NET CORE Denial Of Service Vulnerability\\\".\"},{\"lang\":\"es\",\"value\":\".NET Core 1.0, 1.1 y 2.0 permite que un atacante no autenticado provoque un ataque de denegaci\u00f3n de servicio (DoS) de forma remota contra una aplicaci\u00f3n web de .NET Core analizando incorrectamente datos de certificados. Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) cuando .NET Core gestiona de manera incorrecta en an\u00e1lisis sint\u00e1ctico de datos de certificados. Esta vulnerabilidad tambi\u00e9n se conoce como \\\".NET CORE Denial Of Service Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:aspnetcore:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"931E8C70-B5A4-43BA-8878-12DCE3BB7887\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:aspnetcore:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AE520B3-FDFE-44DC-B299-F78934491AB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:aspnetcore:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6C2F277-29BA-4E33-B2FF-2DA5CE744DFE\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/101710\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039787\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3248\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039787\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3248\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
var-201711-0194
Vulnerability from variot
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". ASP.NET Core 1.0, 1.1 and 2.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: .NET Core security update Advisory ID: RHSA-2017:3248-01 Product: dotNET on RHEL Advisory URL: https://access.redhat.com/errata/RHSA-2017:3248 Issue date: 2017-11-20 CVE Names: CVE-2017-8585 CVE-2017-11770 =====================================================================
- Summary:
A security update for .NET Core on RHEL is now available.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7) - x86_64 dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3. (CVE-2017-11770)
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1512982 - CVE-2017-8585 dotNet: DDoS via invalid culture 1512992 - CVE-2017-11770 dotNET: DDos via bad certificate
- Package List:
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm
dotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet20-dotnet-2.0.3-4.el7.src.rpm
x86_64: rh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-8585 https://access.redhat.com/security/cve/CVE-2017-11770 https://access.redhat.com/security/updates/classification/#low
https://github.com/dotnet/announcements/issues/34 https://github.com/dotnet/announcements/issues/44
https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFaEsB8XlSAg2UNWIIRAmOjAJ9wjYtfCUbtPpsnb6lS24iFpnlohwCfW3q7 qK6A1l+OTjiiqdhM/cGc8ZU= =DZ68 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0194", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "aspnetcore", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "1.0" }, { "model": "aspnetcore", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "2.0" }, { "model": "aspnetcore", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "1.1" }, { "model": ".net core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "1.0" }, { "model": ".net core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "1.1" }, { "model": ".net core", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "2.0" }, { "model": "asp.net core", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2.0" }, { "model": "asp.net core", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1.1" }, { "model": "asp.net core", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1.0" } ], "sources": [ { "db": "BID", "id": "101710" }, { "db": "JVNDB", "id": "JVNDB-2017-010105" }, { "db": "CNNVD", "id": "CNNVD-201711-585" }, { "db": "NVD", "id": "CVE-2017-11770" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:microsoft:.net_core", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010105" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Bachraty Gergely", "sources": [ { "db": "BID", "id": "101710" } ], "trust": 0.3 }, "cve": "CVE-2017-11770", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2017-11770", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2017-11770", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-11770", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-11770", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201711-585", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010105" }, { "db": "CNNVD", "id": "CNNVD-201711-585" }, { "db": "NVD", "id": "CVE-2017-11770" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\". \nASP.NET Core 1.0, 1.1 and 2.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: .NET Core security update\nAdvisory ID: RHSA-2017:3248-01\nProduct: dotNET on RHEL\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:3248\nIssue date: 2017-11-20\nCVE Names: CVE-2017-8585 CVE-2017-11770 \n=====================================================================\n\n1. Summary:\n\nA security update for .NET Core on RHEL is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7) - x86_64\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNew versions of .NET Core that address several security vulnerabilities are\nnow available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3. (CVE-2017-11770)\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1512982 - CVE-2017-8585 dotNet: DDoS via invalid culture\n1512992 - CVE-2017-11770 dotNET: DDos via bad certificate\n\n6. Package List:\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.8-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.8-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.5-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.5-1.el7.x86_64.rpm\n\ndotNET on RHEL for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet20-dotnet-2.0.3-4.el7.src.rpm\n\nx86_64:\nrh-dotnet20-dotnet-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-debuginfo-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-host-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-runtime-2.0-2.0.3-4.el7.x86_64.rpm\nrh-dotnet20-dotnet-sdk-2.0-2.0.3-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-8585\nhttps://access.redhat.com/security/cve/CVE-2017-11770\nhttps://access.redhat.com/security/updates/classification/#low\n\nhttps://github.com/dotnet/announcements/issues/34\nhttps://github.com/dotnet/announcements/issues/44\n\nhttps://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md\nhttps://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md\nhttps://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaEsB8XlSAg2UNWIIRAmOjAJ9wjYtfCUbtPpsnb6lS24iFpnlohwCfW3q7\nqK6A1l+OTjiiqdhM/cGc8ZU=\n=DZ68\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2017-11770" }, { "db": "JVNDB", "id": "JVNDB-2017-010105" }, { "db": "BID", "id": "101710" }, { "db": "PACKETSTORM", "id": "145048" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-11770", "trust": 2.8 }, { "db": "BID", "id": "101710", "trust": 1.9 }, { "db": "SECTRACK", "id": "1039787", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2017-010105", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201711-585", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "145048", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "101710" }, { "db": "JVNDB", "id": "JVNDB-2017-010105" }, { "db": "PACKETSTORM", "id": "145048" }, { "db": "CNNVD", "id": "CNNVD-201711-585" }, { "db": "NVD", "id": "CVE-2017-11770" } ] }, "id": "VAR-201711-0194", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.19172932 }, "last_update_date": "2024-11-23T22:34:27.732000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2017-11770 | .NET CORE Denial Of Service Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770" }, { "title": "CVE-2017-11770 | .NET CORE Denial Of Service Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-11770" }, { "title": "Microsoft .NET Core Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76424" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010105" }, { "db": "CNNVD", "id": "CNNVD-201711-585" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-295", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010105" }, { "db": "NVD", "id": "CVE-2017-11770" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11770" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:3248" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/101710" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1039787" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11770" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11770" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2017/at170044.html" }, { "trust": 0.3, "url": "http://www.microsoft.com" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://github.com/dotnet/announcements/issues/44" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md" }, { "trust": 0.1, "url": "https://github.com/dotnet/announcements/issues/34" }, { "trust": 0.1, "url": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md" }, { "trust": 0.1, "url": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8585" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-8585" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-11770" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" } ], "sources": [ { "db": "BID", "id": "101710" }, { "db": "JVNDB", "id": "JVNDB-2017-010105" }, { "db": "PACKETSTORM", "id": "145048" }, { "db": "CNNVD", "id": "CNNVD-201711-585" }, { "db": "NVD", "id": "CVE-2017-11770" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "101710" }, { "db": "JVNDB", "id": "JVNDB-2017-010105" }, { "db": "PACKETSTORM", "id": "145048" }, { "db": "CNNVD", "id": "CNNVD-201711-585" }, { "db": "NVD", "id": "CVE-2017-11770" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-14T00:00:00", "db": "BID", "id": "101710" }, { "date": "2017-12-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010105" }, { "date": "2017-11-20T22:22:00", "db": "PACKETSTORM", "id": "145048" }, { "date": "2017-11-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-585" }, { "date": "2017-11-15T03:29:00.247000", "db": "NVD", "id": "CVE-2017-11770" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-12-19T22:37:00", "db": "BID", "id": "101710" }, { "date": "2017-12-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010105" }, { "date": "2019-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-585" }, { "date": "2024-11-21T03:08:28.373000", "db": "NVD", "id": "CVE-2017-11770" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-585" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": ".NET Core Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010105" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "trust management problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-585" } ], "trust": 0.6 } }
gsd-2017-11770
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2017-11770", "description": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\".", "id": "GSD-2017-11770", "references": [ "https://access.redhat.com/errata/RHSA-2017:3248" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2017-11770" ], "details": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\".", "id": "GSD-2017-11770", "modified": "2023-12-13T01:21:15.883866Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "DATE_PUBLIC": "2017-11-14T00:00:00", "ID": "CVE-2017-11770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": ".NET Core", "version": { "version_data": [ { "version_value": ".NET Core 1.0, .NET Core 1.1, and .NET Core 2.0" } ] } } ] }, "vendor_name": "Microsoft Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\"." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "1039787", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039787" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770" }, { "name": "RHSA-2017:3248", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3248" }, { "name": "101710", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101710" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[1.0.0,2.0.3)", "affected_versions": "All versions starting from 1.0.0 before 2.0.3", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-295", "CWE-937" ], "date": "2022-04-12", "description": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\".", "fixed_versions": [ "2.0.3" ], "identifier": "CVE-2017-11770", "identifiers": [ "GHSA-7mfr-774f-w5r9", "CVE-2017-11770" ], "not_impacted": "All versions before 1.0.0, all versions starting from 2.0.3", "package_slug": "nuget/Microsoft.NETCore.App", "pubdate": "2022-04-12", "solution": "Upgrade to version 2.0.3 or above.", "title": "Improper Certificate Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-11770", "https://access.redhat.com/errata/RHSA-2017:3248", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770", "http://www.securityfocus.com/bid/101710", "http://www.securitytracker.com/id/1039787", "https://github.com/advisories/GHSA-7mfr-774f-w5r9" ], "uuid": "84516260-f393-4448-a144-4ae95acffed4" }, { "affected_range": "[4.0.0,4.1.2)", "affected_versions": "All versions starting from 4.0.0 before 4.1.2", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-295", "CWE-937" ], "date": "2022-04-12", "description": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\".", "fixed_versions": [ "4.1.2" ], "identifier": "CVE-2017-11770", "identifiers": [ "GHSA-7mfr-774f-w5r9", "CVE-2017-11770" ], "not_impacted": "All versions before 4.0.0, all versions starting from 4.1.2", "package_slug": "nuget/System.Security.Cryptography.X509Certificates", "pubdate": "2022-04-12", "solution": "Upgrade to version 4.1.2 or above.", "title": "Improper Certificate Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-11770", "https://access.redhat.com/errata/RHSA-2017:3248", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770", "http://www.securityfocus.com/bid/101710", "http://www.securitytracker.com/id/1039787", "https://github.com/advisories/GHSA-7mfr-774f-w5r9" ], "uuid": "cc2692b3-88a6-42a7-b9b2-ade345a0ccbc" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:aspnetcore:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:aspnetcore:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:aspnetcore:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2017-11770" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\"." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-295" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770" }, { "name": "1039787", "refsource": "SECTRACK", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039787" }, { "name": "101710", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101710" }, { "name": "RHSA-2017:3248", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3248" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2019-04-16T20:01Z", "publishedDate": "2017-11-15T03:29Z" } } }
ghsa-7mfr-774f-w5r9
Vulnerability from github
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".
{ "affected": [ { "package": { "ecosystem": "NuGet", "name": "System.Security.Cryptography.X509Certificates" }, "ranges": [ { "events": [ { "introduced": "4.0.0" }, { "fixed": "4.1.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.NETCore.App" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "2.0.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2017-11770" ], "database_specific": { "cwe_ids": [ "CWE-295" ], "github_reviewed": true, "github_reviewed_at": "2022-04-12T00:07:34Z", "nvd_published_at": null, "severity": "HIGH" }, "details": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\".", "id": "GHSA-7mfr-774f-w5r9", "modified": "2022-04-12T00:07:34Z", "published": "2022-04-12T00:07:34Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11770" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2017:3248" }, { "type": "WEB", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/101710" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1039787" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Improper Certificate Validation" }
rhsa-2017_3248
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update for .NET Core on RHEL is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3.\n\nSecurity Fix(es):\n\n* By providing an invalid culture, an attacker can cause a recursive lookup that leads to a denial of service when running on certain Windows platforms. (CVE-2017-8585)\n\n* Supplying a specially crafted certificate can cause an infinite X509Chain, resulting in a denial of service. (CVE-2017-11770)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2017:3248", "url": "https://access.redhat.com/errata/RHSA-2017:3248" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/34", "url": "https://github.com/dotnet/announcements/issues/34" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/44", "url": "https://github.com/dotnet/announcements/issues/44" }, { "category": "external", "summary": "https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md", "url": "https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.3.md" }, { "category": "external", "summary": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md", "url": "https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.5.md" }, { "category": "external", "summary": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md", "url": "https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.8.md" }, { "category": "external", "summary": "1512982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512982" }, { "category": "external", "summary": "1512992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512992" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3248.json" } ], "title": "Red Hat Security Advisory: .NET Core security update", "tracking": { "current_release_date": "2024-11-14T23:39:08+00:00", "generator": { "date": "2024-11-14T23:39:08+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2017:3248", "initial_release_date": "2017-11-20T11:45:33+00:00", "revision_history": [ { "date": "2017-11-20T11:45:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2017-11-30T16:45:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T23:39:08+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:2.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:2.0::el7" } } }, { "category": "product_name", "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_dotnet:2.0::el7" } } } ], "category": "product_family", "name": ".NET Core on Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "product": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "product_id": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore@1.0.8-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "product": { "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "product_id": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore-debuginfo@1.0.8-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "product": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "product_id": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore@1.1.5-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "product": { "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "product_id": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore-debuginfo@1.1.5-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "product": { "name": "rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "product_id": "rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet-sdk-2.0@2.0.3-4.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "product": { "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "product_id": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet-runtime-2.0@2.0.3-4.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "product": { "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "product_id": "rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet-debuginfo@2.0.3-4.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "product": { "name": "rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "product_id": "rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet@2.0.3-4.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "product": { "name": "rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "product_id": "rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet-host@2.0.3-4.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "product": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "product_id": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore@1.0.8-1.el7?arch=src" } } }, { "category": "product_version", "name": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "product": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "product_id": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore@1.1.5-1.el7?arch=src" } } }, { "category": "product_version", "name": "rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "product": { "name": "rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "product_id": "rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-dotnet20-dotnet@2.0.3-4.el7?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src" }, "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "relates_to_product_reference": "7ComputeNode-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64" }, "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64" }, "product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src" }, "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "relates_to_product_reference": "7ComputeNode-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64" }, "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64" }, "product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-0:2.0.3-4.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src" }, "product_reference": "rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "relates_to_product_reference": "7ComputeNode-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)", "product_id": "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7ComputeNode-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src" }, "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "relates_to_product_reference": "7Server-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64" }, "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64" }, "product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src" }, "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "relates_to_product_reference": "7Server-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64" }, "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64" }, "product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-0:2.0.3-4.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src" }, "product_reference": "rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "relates_to_product_reference": "7Server-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7Server-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src" }, "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "relates_to_product_reference": "7Workstation-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64" }, "product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64" }, "product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-1.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src" }, "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "relates_to_product_reference": "7Workstation-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64" }, "product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64" }, "product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-1.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-0:2.0.3-4.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src" }, "product_reference": "rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "relates_to_product_reference": "7Workstation-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.0" }, { "category": "default_component_of", "full_product_name": { "name": "rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64" }, "product_reference": "rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "relates_to_product_reference": "7Workstation-dotNET-2.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-8585", "discovery_date": "2017-10-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1512982" } ], "notes": [ { "category": "description", "text": "Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "Core: DoS via invalid culture", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-8585" }, { "category": "external", "summary": "RHBZ#1512982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512982" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-8585", "url": "https://www.cve.org/CVERecord?id=CVE-2017-8585" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-8585", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8585" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/34", "url": "https://github.com/dotnet/announcements/issues/34" }, { "category": "external", "summary": "https://www.sidertia.com/Home/Community/Blog/2017/07/14/Microsoft-fixes-the-CVE-2017-8585-security-vulnerability-discovered-by-Sidertia-Team", "url": "https://www.sidertia.com/Home/Community/Blog/2017/07/14/Microsoft-fixes-the-CVE-2017-8585-security-vulnerability-discovered-by-Sidertia-Team" } ], "release_date": "2017-11-14T12:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-20T11:45:33+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3248" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Core: DoS via invalid culture" }, { "cve": "CVE-2017-11770", "discovery_date": "2017-10-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1512992" } ], "notes": [ { "category": "description", "text": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka \".NET CORE Denial Of Service Vulnerability\".", "title": "Vulnerability description" }, { "category": "summary", "text": "Core: DoS via bad certificate", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-11770" }, { "category": "external", "summary": "RHBZ#1512992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512992" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-11770", "url": "https://www.cve.org/CVERecord?id=CVE-2017-11770" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-11770", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11770" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/44", "url": "https://github.com/dotnet/announcements/issues/44" } ], "release_date": "2017-11-14T22:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2017-11-20T11:45:33+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2017:3248" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7ComputeNode-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7Server-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7Server-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.src", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7.x86_64", "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.8-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.src", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7.x86_64", "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.5-1.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.src", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-debuginfo-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-host-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-runtime-2.0-0:2.0.3-4.el7.x86_64", "7Workstation-dotNET-2.0:rh-dotnet20-dotnet-sdk-2.0-0:2.0.3-4.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Core: DoS via bad certificate" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.