ID

VAR-201711-0165


CVE

CVE-2017-11883


TITLE

ASP.NET Core Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-010123

DESCRIPTION

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from programs that do not properly handle web requests. ASP.NET Core 1.0, 1.1 and 2.0 are vulnerable

Trust: 2.97

sources: NVD: CVE-2017-11883 // JVNDB: JVNDB-2017-010123 // CNVD: CNVD-2017-37113 // CNNVD: CNNVD-201711-511 // BID: 101835

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-37113

AFFECTED PRODUCTS

vendor:microsoftmodel:asp.net corescope:eqversion:1.0

Trust: 1.7

vendor:microsoftmodel:asp.net corescope:eqversion:1.1

Trust: 1.7

vendor:microsoftmodel:asp.net corescope:eqversion:2.0

Trust: 1.7

vendor:microsoftmodel:aspnetcorescope:eqversion:1.0

Trust: 1.6

vendor:microsoftmodel:aspnetcorescope:eqversion:2.0

Trust: 1.6

vendor:microsoftmodel:aspnetcorescope:eqversion:1.1

Trust: 1.6

sources: CNVD: CNVD-2017-37113 // BID: 101835 // JVNDB: JVNDB-2017-010123 // CNNVD: CNNVD-201711-511 // NVD: CVE-2017-11883

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-11883
value: HIGH

Trust: 1.0

NVD: CVE-2017-11883
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-37113
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-511
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-11883
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-37113
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-11883
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-37113 // JVNDB: JVNDB-2017-010123 // CNNVD: CNNVD-201711-511 // NVD: CVE-2017-11883

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-19

Trust: 0.8

sources: JVNDB: JVNDB-2017-010123 // NVD: CVE-2017-11883

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-511

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-511

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010123

PATCH

title:CVE-2017-11883 | ASP.NET Core Denial Of Service Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883

Trust: 0.8

title:CVE-2017-11883 | ASP.NET Core Denial Of Service Vulnerabilityurl:https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-11883

Trust: 0.8

title:Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2017-37113)url:https://www.cnvd.org.cn/patchInfo/show/110493

Trust: 0.6

title:Microsoft ASP.NET Core Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76352

Trust: 0.6

sources: CNVD: CNVD-2017-37113 // JVNDB: JVNDB-2017-010123 // CNNVD: CNNVD-201711-511

EXTERNAL IDS

db:NVDid:CVE-2017-11883

Trust: 3.3

db:BIDid:101835

Trust: 2.5

db:SECTRACKid:1039793

Trust: 1.6

db:JVNDBid:JVNDB-2017-010123

Trust: 0.8

db:CNVDid:CNVD-2017-37113

Trust: 0.6

db:CNNVDid:CNNVD-201711-511

Trust: 0.6

sources: CNVD: CNVD-2017-37113 // BID: 101835 // JVNDB: JVNDB-2017-010123 // CNNVD: CNNVD-201711-511 // NVD: CVE-2017-11883

REFERENCES

url:http://www.securityfocus.com/bid/101835

Trust: 2.2

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11883

Trust: 1.9

url:http://www.securitytracker.com/id/1039793

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2017-11883

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11883

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2017/at170044.html

Trust: 0.8

url:http://www.microsoft.com

Trust: 0.3

sources: CNVD: CNVD-2017-37113 // BID: 101835 // JVNDB: JVNDB-2017-010123 // CNNVD: CNNVD-201711-511 // NVD: CVE-2017-11883

CREDITS

Microsoft

Trust: 0.9

sources: BID: 101835 // CNNVD: CNNVD-201711-511

SOURCES

db:CNVDid:CNVD-2017-37113
db:BIDid:101835
db:JVNDBid:JVNDB-2017-010123
db:CNNVDid:CNNVD-201711-511
db:NVDid:CVE-2017-11883

LAST UPDATE DATE

2024-08-14T13:46:18.659000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-37113date:2017-12-14T00:00:00
db:BIDid:101835date:2017-12-19T22:00:00
db:JVNDBid:JVNDB-2017-010123date:2017-12-06T00:00:00
db:CNNVDid:CNNVD-201711-511date:2019-10-23T00:00:00
db:NVDid:CVE-2017-11883date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-37113date:2017-12-14T00:00:00
db:BIDid:101835date:2017-11-14T00:00:00
db:JVNDBid:JVNDB-2017-010123date:2017-12-06T00:00:00
db:CNNVDid:CNNVD-201711-511date:2017-11-16T00:00:00
db:NVDid:CVE-2017-11883date:2017-11-15T03:29:01.953