Vulnerabilites related to Microsoft - ASP.NET Core
CVE-2019-0564 (GCVE-0-2019-0564)
Vulnerability from cvelistv5
Published
2019-01-08 21:00
Modified
2024-08-04 17:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | ASP.NET Core |
Version: 2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:51:27.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564"
},
{
"name": "106413",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106413"
},
{
"name": "RHSA-2019:0040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
}
]
}
],
"datePublic": "2019-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564"
},
{
"name": "106413",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106413"
},
{
"name": "RHSA-2019:0040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0040"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564"
},
{
"name": "106413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106413"
},
{
"name": "RHSA-2019:0040",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0040"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0564",
"datePublished": "2019-01-08T21:00:00",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:51:27.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0982 (GCVE-0-2019-0982)
Vulnerability from cvelistv5
Published
2019-05-16 18:24
Modified
2024-08-04 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | ASP.NET Core |
Version: 2.1 Version: 2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-16T18:24:57",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
},
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0982",
"datePublished": "2019-05-16T18:24:57",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:06:31.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8356 (GCVE-0-2018-8356)
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Security Feature Bypass
Summary
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft .NET Framework |
Version: 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Version: 3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 Version: 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Version: 3.5 on Windows 10 for 32-bit Systems Version: 3.5 on Windows 10 for x64-based Systems Version: 3.5 on Windows 10 Version 1607 for 32-bit Systems Version: 3.5 on Windows 10 Version 1607 for x64-based Systems Version: 3.5 on Windows 10 Version 1703 for 32-bit Systems Version: 3.5 on Windows 10 Version 1703 for x64-based Systems Version: 3.5 on Windows 10 Version 1709 for 32-bit Systems Version: 3.5 on Windows 10 Version 1709 for x64-based Systems Version: 3.5 on Windows 10 Version 1803 for 32-bit Systems Version: 3.5 on Windows 10 Version 1803 for x64-based Systems Version: 3.5 on Windows 8.1 for 32-bit systems Version: 3.5 on Windows 8.1 for x64-based systems Version: 3.5 on Windows Server 2012 Version: 3.5 on Windows Server 2012 (Server Core installation) Version: 3.5 on Windows Server 2012 R2 Version: 3.5 on Windows Server 2012 R2 (Server Core installation) Version: 3.5 on Windows Server 2016 Version: 3.5 on Windows Server 2016 (Server Core installation) Version: 3.5 on Windows Server, version 1709 (Server Core Installation) Version: 3.5 on Windows Server, version 1803 (Server Core Installation) Version: 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 Version: 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 Version: 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Version: 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 Version: 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 Version: 4.5.2 on Windows 8.1 for 32-bit systems Version: 4.5.2 on Windows 8.1 for x64-based systems Version: 4.5.2 on Windows RT 8.1 Version: 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Version: 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Version: 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: 4.5.2 on Windows Server 2012 Version: 4.5.2 on Windows Server 2012 (Server Core installation) Version: 4.5.2 on Windows Server 2012 R2 Version: 4.5.2 on Windows Server 2012 R2 (Server Core installation) Version: 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 Version: 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 Version: 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Version: 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Version: 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Version: 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) Version: 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems Version: 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Version: 4.7.2 on Windows 10 Version 1803 for 32-bit Systems Version: 4.7.2 on Windows 10 Version 1803 for x64-based Systems Version: 4.7.2 on Windows Server, version 1803 (Server Core Installation) |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
},
{
"name": "104664",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104664"
},
{
"name": "1041257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041257"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft .NET Framework",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"status": "affected",
"version": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "3.5 on Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1703 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1709 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "3.5 on Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "3.5 on Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2012"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2012 R2"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2016"
},
{
"status": "affected",
"version": "3.5 on Windows Server 2016 (Server Core installation)"
},
{
"status": "affected",
"version": "3.5 on Windows Server, version 1709 (Server Core Installation)"
},
{
"status": "affected",
"version": "3.5 on Windows Server, version 1803 (Server Core Installation)"
},
{
"status": "affected",
"version": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"status": "affected",
"version": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.5.2 on Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "4.5.2 on Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "4.5.2 on Windows RT 8.1"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2012"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2012 R2"
},
{
"status": "affected",
"version": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"status": "affected",
"version": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"status": "affected",
"version": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"status": "affected",
"version": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
},
{
"status": "affected",
"version": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
},
{
"status": "affected",
"version": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
},
{
"status": "affected",
"version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"status": "affected",
"version": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"status": "affected",
"version": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
},
{
"status": "affected",
"version": "4.7.2 on Windows Server, version 1803 (Server Core Installation)"
}
]
},
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": ".NET Framework",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "4.7.2 Developer Pack"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka \".NET Framework Security Feature Bypass Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
},
{
"name": "104664",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104664"
},
{
"name": "1041257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041257"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft .NET Framework",
"version": {
"version_data": [
{
"version_value": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
},
{
"version_value": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "3.5 on Windows 10 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 8.1 for 32-bit systems"
},
{
"version_value": "3.5 on Windows 8.1 for x64-based systems"
},
{
"version_value": "3.5 on Windows Server 2012"
},
{
"version_value": "3.5 on Windows Server 2012 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server 2012 R2"
},
{
"version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server 2016"
},
{
"version_value": "3.5 on Windows Server 2016 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server, version 1709 (Server Core Installation)"
},
{
"version_value": "3.5 on Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.5.2 on Windows 8.1 for 32-bit systems"
},
{
"version_value": "4.5.2 on Windows 8.1 for x64-based systems"
},
{
"version_value": "4.5.2 on Windows RT 8.1"
},
{
"version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "4.5.2 on Windows Server 2012"
},
{
"version_value": "4.5.2 on Windows Server 2012 (Server Core installation)"
},
{
"version_value": "4.5.2 on Windows Server 2012 R2"
},
{
"version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)"
},
{
"version_value": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems"
},
{
"version_value": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "4.7.2 on Windows Server, version 1803 (Server Core Installation)"
}
]
}
},
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "2.0"
}
]
}
},
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "2.0"
}
]
}
},
{
"product_name": ".NET Framework",
"version": {
"version_data": [
{
"version_value": "4.7.2 Developer Pack"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka \".NET Framework Security Feature Bypass Vulnerability.\" This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356"
},
{
"name": "104664",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104664"
},
{
"name": "1041257",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041257"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8356",
"datePublished": "2018-07-11T00:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:36.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0548 (GCVE-0-2019-0548)
Vulnerability from cvelistv5
Published
2019-01-08 21:00
Modified
2024-08-04 17:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | ASP.NET Core |
Version: 2.1 Version: 2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:51:27.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106410",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106410"
},
{
"name": "RHSA-2019:0040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"datePublic": "2019-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "106410",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106410"
},
{
"name": "RHSA-2019:0040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
},
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \"ASP.NET Core Denial of Service Vulnerability.\" This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106410"
},
{
"name": "RHSA-2019:0040",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0040"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0548",
"datePublished": "2019-01-08T21:00:00",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:51:27.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1161 (GCVE-0-2020-1161)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) |
Version: unspecified |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Visual Studio 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "16.0"
}
]
},
{
"product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Visual Studio 2019 version 16.5",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T22:53:28",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019",
"version": {
"version_data": [
{
"version_value": "16.0"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019 version 16.5",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1161",
"datePublished": "2020-05-21T22:53:28",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:01.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0602 (GCVE-0-2020-0602)
Vulnerability from cvelistv5
Published
2020-01-14 23:11
Modified
2024-08-04 06:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | ASP.NET Core |
Version: 2.1 Version: 3.0 Version: 3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:04.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"
},
{
"name": "RHSA-2020:0130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0130"
},
{
"name": "RHSA-2020:0134",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-16T19:06:08",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"
},
{
"name": "RHSA-2020:0130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0130"
},
{
"name": "RHSA-2020:0134",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
},
{
"version_value": "3.0"
},
{
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602"
},
{
"name": "RHSA-2020:0130",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0130"
},
{
"name": "RHSA-2020:0134",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0602",
"datePublished": "2020-01-14T23:11:20",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:04.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0603 (GCVE-0-2020-0603)
Vulnerability from cvelistv5
Published
2020-01-14 23:11
Modified
2024-08-04 06:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | ASP.NET Core |
Version: 2.1 Version: 3.0 Version: 3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:04.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
},
{
"name": "RHSA-2020:0130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0130"
},
{
"name": "RHSA-2020:0134",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-16T19:06:09",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
},
{
"name": "RHSA-2020:0130",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0130"
},
{
"name": "RHSA-2020:0134",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
},
{
"version_value": "3.0"
},
{
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u0027ASP.NET Core Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603"
},
{
"name": "RHSA-2020:0130",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0130"
},
{
"name": "RHSA-2020:0134",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0603",
"datePublished": "2020-01-14T23:11:21",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:04.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8171 (GCVE-0-2018-8171)
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Security Feature Bypass
Summary
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | ASP.NET |
Version: Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5 Version: Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
},
{
"status": "affected",
"version": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
}
]
},
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "ASP.NET MVC 5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft Visual Studio 2013 Update 5"
},
{
"status": "affected",
"version": "Microsoft Visual Studio 2015 Update 3"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1041267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET",
"version": {
"version_data": [
{
"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
},
{
"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
}
]
}
},
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "2.0"
}
]
}
},
{
"product_name": "ASP.NET MVC 5.2",
"version": {
"version_data": [
{
"version_value": "Microsoft Visual Studio 2013 Update 5"
},
{
"version_value": "Microsoft Visual Studio 2015 Update 3"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041267",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104659"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8171",
"datePublished": "2018-07-11T00:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:46:13.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1302 (GCVE-0-2019-1302)
Vulnerability from cvelistv5
Published
2019-09-11 21:25
Modified
2024-08-04 18:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | ASP.NET Core |
Version: 2.1 Version: 2.2 Version: 3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:13:30.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka \u0027ASP.NET Core Elevation Of Privilege Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-11T21:25:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
},
{
"version_value": "2.2"
},
{
"version_value": "3.0"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka \u0027ASP.NET Core Elevation Of Privilege Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1302",
"datePublished": "2019-09-11T21:25:01",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:13:30.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1075 (GCVE-0-2019-1075)
Vulnerability from cvelistv5
Published
2019-07-15 18:56
Modified
2024-08-04 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | ASP.NET Core |
Version: 2.1 Version: 2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka \u0027ASP.NET Core Spoofing Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-15T18:56:20",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
},
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka \u0027ASP.NET Core Spoofing Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1075",
"datePublished": "2019-07-15T18:56:20",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:06:31.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8409 (GCVE-0-2018-8409)
Vulnerability from cvelistv5
Published
2018-09-13 00:00
Modified
2024-08-05 06:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | System.IO.Pipelines |
Version: System.IO.Pipelines |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:54:36.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105223",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105223"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System.IO.Pipelines",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "System.IO.Pipelines"
}
]
},
{
"product": ".NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
}
]
},
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.1"
}
]
}
],
"datePublic": "2018-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-13T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "105223",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105223"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System.IO.Pipelines",
"version": {
"version_data": [
{
"version_value": "System.IO.Pipelines"
}
]
}
},
{
"product_name": ".NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
}
]
}
},
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "2.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka \"System.IO.Pipelines Denial of Service.\" This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105223",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105223"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8409",
"datePublished": "2018-09-13T00:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T06:54:36.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0815 (GCVE-0-2019-0815)
Vulnerability from cvelistv5
Published
2019-04-09 20:16
Modified
2024-08-04 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | ASP.NET Core |
Version: 2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0815"
},
{
"name": "107701",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107701"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T21:06:06",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0815"
},
{
"name": "107701",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107701"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka \u0027ASP.NET Core Denial of Service Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0815",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0815"
},
{
"name": "107701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107701"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0815",
"datePublished": "2019-04-09T20:16:25",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}