CVE-2017-11770

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".

Published : 2017-11-15 03:29 Updated : 2019-04-16 20:01

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Microsoft Aspnetcore 1.0 cpe:/a:microsoft:aspnetcore:1.0
Microsoft Aspnetcore 1.1 cpe:/a:microsoft:aspnetcore:1.1
Microsoft Aspnetcore 2.0 cpe:/a:microsoft:aspnetcore:2.0
  1. Microsoft (1) Search CVE
    1. Aspnetcore (3) Search CVE
      1. 1.0
      2. 1.1
      3. 2.0

CWE

ID Name Description Links
CWE-295 Improper Certificate Validation The software does not validate, or incorrectly validates, a certificate. CVE

History of changes

Date Event
2019-04-16 20:01
2017-12-02 02:29
2017-12-01 18:19
2017-11-16 02:29
2017-11-15 03:29

New CVE