ASP.NET Core fails to properly validate web requests

🗓️ 16 Oct 2018 19:58:05Reported by GitHub Advisory DatabaseType

ASP.NET Core denial of service vulnerabilit

Reporter	Title	Published	Views	Family All 10
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities may affect ASP.NET Core in IBM Bluemix	15 Jun 201807:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation	4 May 202218:53	–	ibm
CNVD	Microsoft ASP.NET Core Denial of Service Vulnerability	19 May 201700:00	–	cnvd
CVE	CVE-2017-0247	12 May 201714:00	–	cve
Cvelist	CVE-2017-0247	12 May 201714:00	–	cvelist
NVD	CVE-2017-0247	12 May 201714:29	–	nvd
OSV	CVE-2017-0247	12 May 201714:29	–	osv
OSV	GHSA-6XH7-4V2W-36Q6 ASP.NET Core fails to properly validate web requests	16 Oct 201819:58	–	osv
Prion	Denial of service	12 May 201714:29	–	prion
Veracode	Denial Of Service (DoS)	9 Jul 201802:15	–	veracode

Vulners

Node

microsoft system.net.http.winhttphandlerRange4.3.0–4.5.4nuget

microsoft aspnetcore.mvc.webapicompatshimRange1.1.0–1.1.3nuget

microsoft aspnetcore.mvc.webapicompatshimRange1.0.0–1.0.4nuget

microsoft aspnetcore.mvc.viewfeaturesRange1.1.0–1.1.3nuget

microsoft aspnetcore.mvc.viewfeaturesRange1.0.0–1.0.4nuget

microsoft aspnetcore.mvc.taghelpersRange1.1.0–1.1.3nuget

microsoft aspnetcore.mvc.taghelpersRange1.0.0–1.0.4nuget

microsoft aspnetcore.mvc.razorRange1.1.0–1.1.3nuget

microsoft aspnetcore.mvc.razorRange1.0.0–1.0.4nuget

microsoft aspnetcore.mvc.razor.hostRange1.1.0–1.1.3nuget

microsoft aspnetcore.mvc.razor.hostRange1.0.0–1.0.4nuget

microsoft aspnetcore.mvc.localizationRange1.1.0–1.1.3nuget

microsoft aspnetcore.mvc.localizationRange1.0.0–1.0.4nuget

microsoft aspnetcore.mvc.formatters.xmlRange1.1.0–1.1.3nuget

microsoft aspnetcore.mvc.formatters.xmlRange1.0.0–1.0.4nuget

microsoft aspnetcore.mvc.formatters.jsonRange1.1.0–1.1.3nuget

microsoft aspnetcore.mvc.formatters.jsonRange1.0.0–1.0.4nuget

microsoft aspnetcore.mvc.dataannotationsRange1.1.0–1.1.3nuget

microsoft aspnetcore.mvc.dataannotationsRange1.0.0–1.0.4nuget

microsoft aspnetcore.mvc.corsRange1.1.0–1.1.3nuget

microsoft aspnetcore.mvc.corsRange1.0.0–1.0.4nuget

microsoft aspnetcore.mvc.apiexplorerRange1.1.0–1.1.3nuget

microsoft aspnetcore.mvc.apiexplorerRange1.0.0–1.0.4nuget

microsoft aspnetcore.mvc.abstractionsRange1.1.0–1.1.3nuget

microsoft aspnetcore.mvc.abstractionsRange1.0.0–1.0.4nuget

microsoft system.net.websockets.clientMatch4.3.0nuget

microsoft system.net.websockets.clientMatch4.0.0nuget

microsoft system.net.securityMatch4.3.0nuget

microsoft system.net.securityMatch4.0.0nuget

microsoft system.net.http.winhttphandlerMatch4.0.0nuget

microsoft system.text.encodings.webMatch4.3.0nuget

microsoft system.text.encodings.webMatch4.0.0nuget

microsoft system.net.httpMatch4.3.1nuget

microsoft system.net.httpMatch4.1.1nuget

microsoft aspnetcore.mvc.coreRange1.1.0–1.1.3nuget

microsoft aspnetcore.mvc.coreRange1.0.0–1.0.4nuget

microsoft aspnetcore.mvcRange1.0.0–1.0.4nuget

microsoft aspnetcore.mvcRange1.1.0–1.1.3nuget

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-0247
github	www.github.com/aspnet/Announcements/issues/239
github	www.github.com/advisories/GHSA-6xh7-4v2w-36q6
technet	www.technet.microsoft.com/en-us/library/security/4021279.aspx
sidertia	www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS

01 Feb 2023 05:03Current

5.1Medium risk

Vulners AI Score5.1

CVSS 25

CVSS 37.5

EPSS0.11122

CWE-20