Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2018-0786

Опубликовано: 09 янв. 2018
Источник: msrc
EPSS Низкий

Описание

.NET Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates.

An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the Enhanced Key Usage taggings.

The security update addresses the vulnerability by helping to ensure that .NET Framework (and .NET Core) components completely validate certificates.

Обновления

ПродуктСтатьяОбновление
.NET Core 1.0
Security Update
.NET Core 2.0
Security Update
PowerShell Core 6.0.0
Release Notes
Security Update
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 7 for 32-bit Systems Service Pack 1
40748804054183
Monthly RollupSecurity Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 7 for x64-based Systems Service Pack 1
40748804054183
Monthly RollupSecurity Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 8.1 for 32-bit systems
40550014054182
Monthly RollupSecurity Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 8.1 for x64-based systems
40550014054182
Monthly RollupSecurity Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows RT 8.1
4055001
-
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
40748804054183
Monthly RollupSecurity Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
40748804054183
Monthly RollupSecurity Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Unlikely

Older Software Release

Exploitation Unlikely

EPSS

Процентиль: 78%
0.01188
Низкий

Связанные уязвимости

redhat логотип

CVE-2018-0786

CVSS3: 7.3
redhat
больше 7 лет назад

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

nvd логотип

CVE-2018-0786

CVSS3: 7.5
nvd
больше 7 лет назад

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

github логотип

GHSA-jc8g-xhw5-6x46

CVSS3: 7.5
github
больше 6 лет назад

Improper Certificate Validation in Microsoft .NET Framework components

EPSS

Процентиль: 78%
0.01188
Низкий