Important 📢 Publicly disclosed 2018-03 archive

Executive Summary

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

Overview

Important
MS Severity
Not Exploited
MS Exploit Status
Exploitation Unlikely
MS Exploit Likelihood
Category Denial of Service
Released Mar 13 2018
Last Updated Mar 13 2018
Publicly Disclosed Yes
CISA KEV Not Listed
Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

1 affected product
Product KB Article Severity Impact Restart Required
ASP.NET Core 2.0 Commit (Security Update) Important Denial of Service Yes

Patches

1 patch
Article Type Restart
Commit Security Update Yes

Known Exploits

Acknowledgments

Andrei Gorlov