Details of VAR-201711-0165

ID

VAR-201711-0165

CVE

CVE-2017-11883

TITLE

ASP.NET Core Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-010123

DESCRIPTION

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from programs that do not properly handle web requests. ASP.NET Core 1.0, 1.1 and 2.0 are vulnerable

Trust: 2.97

sources: NVD: CVE-2017-11883 // JVNDB: JVNDB-2017-010123 // CNVD: CNVD-2017-37113 // CNNVD: CNNVD-201711-511 // BID: 101835

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-37113

AFFECTED PRODUCTS

vendor:	microsoft	model:	asp.net core	scope:	eq	version:	1.0	Trust: 1.7
vendor:	microsoft	model:	asp.net core	scope:	eq	version:	1.1	Trust: 1.7
vendor:	microsoft	model:	asp.net core	scope:	eq	version:	2.0	Trust: 1.7
vendor:	microsoft	model:	aspnetcore	scope:	eq	version:	1.0	Trust: 1.6
vendor:	microsoft	model:	aspnetcore	scope:	eq	version:	2.0	Trust: 1.6
vendor:	microsoft	model:	aspnetcore	scope:	eq	version:	1.1	Trust: 1.6

sources: CNVD: CNVD-2017-37113 // BID: 101835 // JVNDB: JVNDB-2017-010123 // CNNVD: CNNVD-201711-511 // NVD: CVE-2017-11883

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-11883
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-11883
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-37113
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-511
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-11883
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-37113
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-11883
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-37113 // JVNDB: JVNDB-2017-010123 // CNNVD: CNNVD-201711-511 // NVD: CVE-2017-11883

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-19	Trust: 0.8

sources: JVNDB: JVNDB-2017-010123 // NVD: CVE-2017-11883

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-511

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-511

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010123

PATCH

title:	CVE-2017-11883 \| ASP.NET Core Denial Of Service Vulnerability	url:	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883	Trust: 0.8
title:	CVE-2017-11883 \| ASP.NET Core Denial Of Service Vulnerability	url:	https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-11883	Trust: 0.8
title:	Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2017-37113)	url:	https://www.cnvd.org.cn/patchInfo/show/110493	Trust: 0.6
title:	Microsoft ASP.NET Core Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76352	Trust: 0.6

sources: CNVD: CNVD-2017-37113 // JVNDB: JVNDB-2017-010123 // CNNVD: CNNVD-201711-511

EXTERNAL IDS

db:	NVD	id:	CVE-2017-11883	Trust: 3.3
db:	BID	id:	101835	Trust: 2.5
db:	SECTRACK	id:	1039793	Trust: 1.6
db:	JVNDB	id:	JVNDB-2017-010123	Trust: 0.8
db:	CNVD	id:	CNVD-2017-37113	Trust: 0.6
db:	CNNVD	id:	CNNVD-201711-511	Trust: 0.6

sources: CNVD: CNVD-2017-37113 // BID: 101835 // JVNDB: JVNDB-2017-010123 // CNNVD: CNNVD-201711-511 // NVD: CVE-2017-11883

REFERENCES

url:	http://www.securityfocus.com/bid/101835	Trust: 2.2
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11883	Trust: 1.9
url:	http://www.securitytracker.com/id/1039793	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11883	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11883	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2017/at170044.html	Trust: 0.8
url:	http://www.microsoft.com	Trust: 0.3

sources: CNVD: CNVD-2017-37113 // BID: 101835 // JVNDB: JVNDB-2017-010123 // CNNVD: CNNVD-201711-511 // NVD: CVE-2017-11883

CREDITS

Microsoft

Trust: 0.9

sources: BID: 101835 // CNNVD: CNNVD-201711-511

SOURCES

db:	CNVD	id:	CNVD-2017-37113
db:	BID	id:	101835
db:	JVNDB	id:	JVNDB-2017-010123
db:	CNNVD	id:	CNNVD-201711-511
db:	NVD	id:	CVE-2017-11883

LAST UPDATE DATE

2024-08-14T13:46:18.659000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-37113	date:	2017-12-14T00:00:00
db:	BID	id:	101835	date:	2017-12-19T22:00:00
db:	JVNDB	id:	JVNDB-2017-010123	date:	2017-12-06T00:00:00
db:	CNNVD	id:	CNNVD-201711-511	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-11883	date:	2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-37113	date:	2017-12-14T00:00:00
db:	BID	id:	101835	date:	2017-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2017-010123	date:	2017-12-06T00:00:00
db:	CNNVD	id:	CNNVD-201711-511	date:	2017-11-16T00:00:00
db:	NVD	id:	CVE-2017-11883	date:	2017-11-15T03:29:01.953