CVE-2017-11770

EPSS 5.4%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 5.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

15 Nov 2017Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".

Affected products

Microsoft Corporation · .NET Core

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2017:3248 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770 http://www.securityfocus.com/bid/101710 http://www.securitytracker.com/id/1039787