ID

VAR-201805-0649


CVE

CVE-2018-0765


TITLE

Microsoft .NET Framework and .NET Core Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-004255

DESCRIPTION

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. Successful exploits will attackers to cause a denial of service condition

Trust: 1.89

sources: NVD: CVE-2018-0765 // JVNDB: JVNDB-2018-004255 // BID: 104060

AFFECTED PRODUCTS

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7.2

Trust: 2.7

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7.1

Trust: 2.7

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6.2

Trust: 2.7

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6.1

Trust: 2.7

vendor:microsoftmodel:.net frameworkscope:eqversion:4.7

Trust: 2.7

vendor:microsoftmodel:.net frameworkscope:eqversion:4.6

Trust: 2.7

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5.1

Trust: 2.1

vendor:microsoftmodel:.net frameworkscope:eqversion:4.5.2

Trust: 2.1

vendor:microsoftmodel:.net frameworkscope:eqversion:3.5

Trust: 2.1

vendor:microsoftmodel:.net corescope:eqversion:2.0

Trust: 1.8

vendor:microsoftmodel:.net frameworkscope:eqversion:3.0

Trust: 1.3

vendor:microsoftmodel:.net frameworkscope:eqversion:2.0

Trust: 1.3

vendor:microsoftmodel:.net frameworkscope:eqversion:2.0 sp2

Trust: 0.8

vendor:microsoftmodel:asp.net corescope:eqversion:2.0

Trust: 0.3

sources: BID: 104060 // JVNDB: JVNDB-2018-004255 // CNNVD: CNNVD-201805-309 // NVD: CVE-2018-0765

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0765
value: HIGH

Trust: 1.0

NVD: CVE-2018-0765
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201805-309
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-0765
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-0765
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-004255 // CNNVD: CNNVD-201805-309 // NVD: CVE-2018-0765

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.8

sources: JVNDB: JVNDB-2018-004255 // NVD: CVE-2018-0765

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-309

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-309

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004255

PATCH

title:CVE-2018-0765 | .NET and .NET Core Denial of Service Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765

Trust: 0.8

title:CVE-2018-0765 | .NET および .NET Core のサービス拒否の脆弱性url:https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2018-0765

Trust: 0.8

title:Microsoft .NET Framework and .NET Core Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79987

Trust: 0.6

sources: JVNDB: JVNDB-2018-004255 // CNNVD: CNNVD-201805-309

EXTERNAL IDS

db:NVDid:CVE-2018-0765

Trust: 2.7

db:BIDid:104060

Trust: 1.3

db:SECTRACKid:1040851

Trust: 1.0

db:JVNDBid:JVNDB-2018-004255

Trust: 0.8

db:NSFOCUSid:39696

Trust: 0.6

db:CNNVDid:CNNVD-201805-309

Trust: 0.6

sources: BID: 104060 // JVNDB: JVNDB-2018-004255 // CNNVD: CNNVD-201805-309 // NVD: CVE-2018-0765

REFERENCES

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0765

Trust: 1.9

url:http://www.securityfocus.com/bid/104060

Trust: 1.0

url:http://www.securitytracker.com/id/1040851

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0765

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20180509-ms.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2018/at180021.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0765

Trust: 0.8

url:http://www.nsfocus.net/vulndb/39696

Trust: 0.6

url:http://www.microsoft.com

Trust: 0.3

sources: BID: 104060 // JVNDB: JVNDB-2018-004255 // CNNVD: CNNVD-201805-309 // NVD: CVE-2018-0765

CREDITS

Microsoft

Trust: 0.3

sources: BID: 104060

SOURCES

db:BIDid:104060
db:JVNDBid:JVNDB-2018-004255
db:CNNVDid:CNNVD-201805-309
db:NVDid:CVE-2018-0765

LAST UPDATE DATE

2024-08-14T14:12:53.200000+00:00


SOURCES UPDATE DATE

db:BIDid:104060date:2018-05-08T00:00:00
db:JVNDBid:JVNDB-2018-004255date:2018-06-15T00:00:00
db:CNNVDid:CNNVD-201805-309date:2018-05-10T00:00:00
db:NVDid:CVE-2018-0765date:2018-06-14T18:01:35.410

SOURCES RELEASE DATE

db:BIDid:104060date:2018-05-08T00:00:00
db:JVNDBid:JVNDB-2018-004255date:2018-06-15T00:00:00
db:CNNVDid:CNNVD-201805-309date:2018-05-10T00:00:00
db:NVDid:CVE-2018-0765date:2018-05-09T19:29:00.323