{"containers": {"cna": {"affected": [{"product": "ASP.NET", "vendor": "Microsoft Corporation", "versions": [{"status": "affected", "version": "ASP.NET Core 1.0, ASP.NET Core 1.1, ASP.NET Core 2.0"}]}], "datePublic": "2017-11-14T00:00:00.000Z", "descriptions": [{"lang": "en", "value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka \".NET CORE Denial Of Service Vulnerability\"."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-15T10:57:01.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883"}, {"name": "101835", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101835"}, {"name": "1039793", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039793"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "DATE_PUBLIC": "2017-11-14T00:00:00", "ID": "CVE-2017-11883", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ASP.NET", "version": {"version_data": [{"version_value": "ASP.NET Core 1.0, ASP.NET Core 1.1, ASP.NET Core 2.0"}]}}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka \".NET CORE Denial Of Service Vulnerability\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883"}, {"name": "101835", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101835"}, {"name": "1039793", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039793"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:19:39.340Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883"}, {"name": "101835", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101835"}, {"name": "1039793", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039793"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-11883", "datePublished": "2017-11-15T03:00:00.000Z", "dateReserved": "2017-07-31T00:00:00.000Z", "dateUpdated": "2024-09-16T23:06:51.531Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:aspnetcore:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "931E8C70-B5A4-43BA-8878-12DCE3BB7887", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:aspnetcore:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5AE520B3-FDFE-44DC-B299-F78934491AB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:aspnetcore:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A6C2F277-29BA-4E33-B2FF-2DA5CE744DFE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": ".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka \".NET CORE Denial Of Service Vulnerability\"."}, {"lang": "es", "value": ".NET Core 1.0, 1.1 y 2.0 permiten que un atacante sin autenticar provoque un ataque remoto de denegaci\u00f3n de servicio (DoS) contra una aplicaci\u00f3n web de .NET Core al gestionar incorrectamente los objetos en la memoria. Esto tambi\u00e9n se conoce como \".NET CORE Denial Of Service Vulnerability\"."}], "id": "CVE-2017-11883", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-15T03:29:01.953", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101835"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039793"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101835"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039793"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "Core: DoS due to improper handling of web requests", "id": "1513363", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513363"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": [".NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka \".NET CORE Denial Of Service Vulnerability\"."], "name": "CVE-2017-11883", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:1.0", "fix_state": "Not affected", "package_name": "rh-dotnetcore10-dotnetcore", "product_name": ".NET Core 1.0 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:1.1", "fix_state": "Not affected", "package_name": "rh-dotnetcore11-dotnetcore", "product_name": ".NET Core 1.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:2.0", "fix_state": "Not affected", "package_name": "rh-dotnet20-dotnet", "product_name": ".NET Core 2.0 on Red Hat Enterprise Linux"}], "public_date": "2017-11-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-11883\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-11883\nhttps://github.com/aspnet/announcements/issues/278"], "threat_severity": "Important"}

{}