Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2018-8356

🗓️ 11 Jul 2018 00:00:00Reported by microsoftType 
cve
 cve🔗 web.nvd.nist.gov👁 128 Views

A security feature bypass vulnerability in Microsoft .NET Framework components allowing certificate validation bypass. Affected versions: .NET Framework 4.7.2, 3.0, 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, 3.5, 3.5.1, 4.6/4.6.1/4.6.2, .NET Core 1.0, 2.0, 4.6, 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.

Related
Detection
Affected
Refs
ReporterTitlePublishedViews
Family
CNVD		Microsoft .NET Framework Security Bypass Vulnerability (CNVD-2018-15854)
12 Jul 201800:00
cnvd
Cvelist		CVE-2018-8356
11 Jul 201800:00
cvelist
EUVD		EUVD-2022-4735
3 Oct 202520:07
euvd
Github Security Blog		Improper Certificate Validation in Microsoft .NET Framework components
14 May 202203:00
github
Microsoft KB		Description of the Security and Quality Rollup updates for .NET Framework 4.5.2 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4338415)
10 Jul 201807:00
mskb
Microsoft KB		Description of the Security and Quality Rollup updates for .NET Framework 4.5.2 for Windows Server 2012 (KB 4338416)
10 Jul 201807:00
mskb
Microsoft KB		Description of the Security and Quality Rollup updates for .NET Framework 4.5.2 for Windows 7 SP1, Server 2008 R2 SP1, and Server 2008 (KB 4338417)
10 Jul 201807:00
mskb
Microsoft KB		Description of the Security and Quality Rollup updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 (KB 4338418)
10 Jul 201807:00
mskb
Microsoft KB		Description of the Security and Quality Rollup updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4338419)
10 Jul 201807:00
mskb
Microsoft KB		Description of the Security and Quality Rollup updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1, and for .NET Framework 4.6 for Server 2008 (KB 4338420)
10 Jul 201807:00
mskb
Rows per page
NVD
Vulners
Node
microsoft.net_frameworkMatch3.0sp2
AND
microsoftwindows_server_2008Match-sp2
Node
microsoft.net_frameworkMatch3.5
AND
microsoftwindows_10Match-
OR
microsoftwindows_10Match1607
OR
microsoftwindows_10Match1703
OR
microsoftwindows_10Match1709
OR
microsoftwindows_10Match1803
OR
microsoftwindows_8.1
OR
microsoftwindows_serverMatch1803
OR
microsoftwindows_server_2012
OR
microsoftwindows_server_2012Matchr2
OR
microsoftwindows_server_2016
Node
microsoft.net_frameworkMatch3.5.1
AND
microsoftwindows_7Match-sp1
OR
microsoftwindows_server_2008Matchr2sp1
Node
microsoft.net_frameworkMatch4.5.2
AND
microsoftwindows_7Match-sp1
OR
microsoftwindows_8.1
OR
microsoftwindows_rt_8.1Match-
OR
microsoftwindows_server_2008sp2
OR
microsoftwindows_server_2008Matchr2sp1
OR
microsoftwindows_server_2012
OR
microsoftwindows_server_2012Matchr2
Node
microsoft.net_frameworkMatch4.6
AND
microsoftwindows_server_2008sp2
Node
microsoft.net_frameworkMatch4.6.2
OR
microsoft.net_frameworkMatch4.7
OR
microsoft.net_frameworkMatch4.7.1
OR
microsoft.net_frameworkMatch4.7.2
AND
microsoftwindows_10Match1607
OR
microsoftwindows_server_2016Match-
Node
microsoft.net_frameworkMatch4.6
OR
microsoft.net_frameworkMatch4.6.1
OR
microsoft.net_frameworkMatch4.6.2
AND
microsoftwindows_10Match-
Node
microsoft.net_frameworkMatch4.6
OR
microsoft.net_frameworkMatch4.6.1
OR
microsoft.net_frameworkMatch4.6.2
OR
microsoft.net_frameworkMatch4.7
OR
microsoft.net_frameworkMatch4.7.1
OR
microsoft.net_frameworkMatch4.7.2
AND
microsoftwindows_7Match-sp1
OR
microsoftwindows_8.1
OR
microsoftwindows_rt_8.1Match-
OR
microsoftwindows_server_2008Matchr2sp1
OR
microsoftwindows_server_2012
OR
microsoftwindows_server_2012Matchr2
Node
microsoft.net_frameworkMatch4.7.2
AND
microsoftwindows_10Match1803
OR
microsoftwindows_serverMatch1803
Node
microsoftpowershell_coreMatch6.0
OR
microsoftpowershell_coreMatch6.1
Node
microsoft.net_coreMatch1.0
OR
microsoft.net_coreMatch1.1
OR
microsoft.net_coreMatch2.0
Node
microsoft.net_framework_developer_packMatch4.7.2
Node
microsoftasp.net_coreMatch1.0
OR
microsoftasp.net_coreMatch1.1
OR
microsoftasp.net_coreMatch2.0
[
  {
    "product": "Microsoft .NET Framework",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
      },
      {
        "status": "affected",
        "version": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
      },
      {
        "status": "affected",
        "version": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows 10 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows 10 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows 10 Version 1607 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows 10 Version 1703 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows 10 Version 1709 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows 10 Version 1803 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows 8.1 for 32-bit systems"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows 8.1 for x64-based systems"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows Server 2012"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows Server 2012 (Server Core installation)"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows Server 2012 R2"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows Server 2012 R2 (Server Core installation)"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows Server 2016"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows Server 2016  (Server Core installation)"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows Server, version 1709  (Server Core Installation)"
      },
      {
        "status": "affected",
        "version": "3.5 on Windows Server, version 1803  (Server Core Installation)"
      },
      {
        "status": "affected",
        "version": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
      },
      {
        "status": "affected",
        "version": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "4.5.2 on Windows 8.1 for 32-bit systems"
      },
      {
        "status": "affected",
        "version": "4.5.2 on Windows 8.1 for x64-based systems"
      },
      {
        "status": "affected",
        "version": "4.5.2 on Windows RT 8.1"
      },
      {
        "status": "affected",
        "version": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
      },
      {
        "status": "affected",
        "version": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
      },
      {
        "status": "affected",
        "version": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
      },
      {
        "status": "affected",
        "version": "4.5.2 on Windows Server 2012"
      },
      {
        "status": "affected",
        "version": "4.5.2 on Windows Server 2012 (Server Core installation)"
      },
      {
        "status": "affected",
        "version": "4.5.2 on Windows Server 2012 R2"
      },
      {
        "status": "affected",
        "version": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
      },
      {
        "status": "affected",
        "version": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
      },
      {
        "status": "affected",
        "version": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
      },
      {
        "status": "affected",
        "version": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
      },
      {
        "status": "affected",
        "version": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016  (Server Core installation)"
      },
      {
        "status": "affected",
        "version": "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
      },
      {
        "status": "affected",
        "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
      },
      {
        "status": "affected",
        "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
      },
      {
        "status": "affected",
        "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
      },
      {
        "status": "affected",
        "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
      },
      {
        "status": "affected",
        "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
      },
      {
        "status": "affected",
        "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
      },
      {
        "status": "affected",
        "version": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
      },
      {
        "status": "affected",
        "version": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "4.7.2 on Windows Server, version 1803  (Server Core Installation)"
      }
    ]
  },
  {
    "product": ".NET Core",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      },
      {
        "status": "affected",
        "version": "1.1"
      },
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  },
  {
    "product": "ASP.NET Core",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      },
      {
        "status": "affected",
        "version": "1.1"
      },
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  },
  {
    "product": ".NET Framework",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "4.7.2 Developer Pack"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 04:13Current
6.3Medium risk
Vulners AI Score6.3
CVSS 22.1
CVSS 35.5
EPSS0.00212
CWE-295
cve-2018-8356microsoft.net frameworksecurityvulnerabilitybypasscertificate validationasp.net corenvd
128