Sign-up

ID

VAR-201805-0649


CVE

CVE-2018-0765


TITLE

Microsoft .NET Framework and .NET Core Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-004255

DESCRIPTION

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. Successful exploits will attackers to cause a denial of service condition

Trust: 1.89

sources: NVD: CVE-2018-0765 // JVNDB: JVNDB-2018-004255 // BID: 104060

AFFECTED PRODUCTS

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7.2

Trust: 2.7

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7.1

Trust: 2.7

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6.2

Trust: 2.7

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6.1

Trust: 2.7

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7

Trust: 2.7

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6

Trust: 2.7

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5.1

Trust: 2.1

vendor:microsoftmodel:.net frameworkscope:eqversion:4.5.2

Trust: 2.1

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5

Trust: 2.1

vendor:microsoftmodel:.net corescope:eqversion:2.0

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.0

Trust: 1.3

vendor:microsoftmodel:.net frameworkscope:eqversion:2.0

Trust: 1.3

vendor:microsoftmodel:.net frameworkscope:eqversion:2.0 sp2

Trust: 0.8

vendor:microsoftmodel:asp.net corescope:eqversion:2.0

Trust: 0.3

sources: BID: 104060 // JVNDB: JVNDB-2018-004255 // CNNVD: CNNVD-201805-309 // NVD: CVE-2018-0765

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0765
value: HIGH

Trust: 1.0

NVD: CVE-2018-0765
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201805-309
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-0765
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-0765
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-004255 // CNNVD: CNNVD-201805-309 // NVD: CVE-2018-0765

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.8

sources: JVNDB: JVNDB-2018-004255 // NVD: CVE-2018-0765

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-309

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-309

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004255

PATCH
title:CVE-2018-0765 | .NET and .NET Core Denial of Service Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765
Trust: 0.8
title:CVE-2018-0765 | .NET および .NET Core のサービス拒否の脆弱性url:https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2018-0765
Trust: 0.8
title:Microsoft .NET Framework  and .NET Core Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79987
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-004255 // 
            
            
            
            CNNVD: CNNVD-201805-309

EXTERNAL IDS
db:NVDid:CVE-2018-0765
Trust: 2.7
db:BIDid:104060
Trust: 1.3
db:SECTRACKid:1040851
Trust: 1.0
db:JVNDBid:JVNDB-2018-004255
Trust: 0.8
db:NSFOCUSid:39696
Trust: 0.6
db:CNNVDid:CNNVD-201805-309
Trust: 0.6
sources:
            
            
            BID: 104060 // 
            
            
            
            JVNDB: JVNDB-2018-004255 // 
            
            
            
            CNNVD: CNNVD-201805-309 // 
            
            
            
            NVD: CVE-2018-0765

REFERENCES
url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0765
Trust: 1.9
url:http://www.securityfocus.com/bid/104060
Trust: 1.0
url:http://www.securitytracker.com/id/1040851
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0765
Trust: 0.8
url:https://www.ipa.go.jp/security/ciadr/vul/20180509-ms.html
Trust: 0.8
url:http://www.jpcert.or.jp/at/2018/at180021.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0765
Trust: 0.8
url:http://www.nsfocus.net/vulndb/39696
Trust: 0.6
url:http://www.microsoft.com
Trust: 0.3
sources:
            
            
            BID: 104060 // 
            
            
            
            JVNDB: JVNDB-2018-004255 // 
            
            
            
            CNNVD: CNNVD-201805-309 // 
            
            
            
            NVD: CVE-2018-0765

CREDITS
Microsoft
Trust: 0.3
sources:
            
            
            BID: 104060

SOURCES
db:BIDid:104060
db:JVNDBid:JVNDB-2018-004255
db:CNNVDid:CNNVD-201805-309
db:NVDid:CVE-2018-0765

LAST UPDATE DATE
2024-08-14T14:12:53.200000+00:00

SOURCES UPDATE DATE
db:BIDid:104060date:2018-05-08T00:00:00
db:JVNDBid:JVNDB-2018-004255date:2018-06-15T00:00:00
db:CNNVDid:CNNVD-201805-309date:2018-05-10T00:00:00
db:NVDid:CVE-2018-0765date:2018-06-14T18:01:35.410

SOURCES RELEASE DATE
db:BIDid:104060date:2018-05-08T00:00:00
db:JVNDBid:JVNDB-2018-004255date:2018-06-15T00:00:00
db:CNNVDid:CNNVD-201805-309date:2018-05-10T00:00:00
db:NVDid:CVE-2018-0765date:2018-05-09T19:29:00.323