CVE-2018-8517

Опубликовано: 11 дек. 2018

Источник: msrc

EPSS Средний

Описание

.NET Framework Denial Of Service Vulnerability

A denial of service vulnerability exists when .NET Framework improperly handles special web requests.

An attacker who successfully exploited this vulnerability could cause a denial of service against an .NET Framework web application. The vulnerability can be exploited remotely, without authentication.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application.

The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests.

Обновления

Продукт	Статья	Обновление
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for 32-bit Systems	4471324	Security Update
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for x64-based Systems	4471324	Security Update
Microsoft .NET Framework 4.7.2 on Windows Server, version 1803 (Server Core Installation)	4471324	Security Update
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1	4470640 4470500	Monthly Rollup Security Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1	4470640 4470500	Monthly Rollup Security Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems	4470630 4470499	Monthly Rollup Security Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems	4470639 4470499	Monthly Rollup Security Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1	4470639	Monthly Rollup
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1	4470640 4470500	Monthly Rollup Security Only
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	4470640 4470500	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Yes

Exploited

Latest Software Release

Exploitation Unlikely

Older Software Release

Exploitation Unlikely

DOS

Temporary

EPSS

Процентиль: 94%

0.1398

Средний

Связанные уязвимости

CVE-2018-8517

CVSS3: 7.5

nvd

около 7 лет назад

A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

GHSA-6m2p-4g25-m3gv

CVSS3: 7.5

github

больше 3 лет назад

BDU:2019-00060

CVSS3: 7.5

fstec

около 7 лет назад

Уязвимость программной платформы Microsoft .NET Framework, связанная с ошибками механизмов обработки специальных веб-запросов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 94%

0.1398

Средний