5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.6 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.1%
This host is missing an important security
update according to Microsoft advisory (CVE-2017-11883).
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.812099");
script_version("2023-07-14T16:09:27+0000");
script_cve_id("CVE-2017-11883");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"last_modification", value:"2023-07-14 16:09:27 +0000 (Fri, 14 Jul 2023)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-10-03 00:03:00 +0000 (Thu, 03 Oct 2019)");
script_tag(name:"creation_date", value:"2017-11-20 15:14:33 +0530 (Mon, 20 Nov 2017)");
script_name("Microsoft ASP.NET Core Denial of Service Vulnerability");
script_xref(name:"URL", value:"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/101835");
script_xref(name:"URL", value:"https://github.com/aspnet/announcements/issues/278");
script_tag(name:"summary", value:"This host is missing an important security
update according to Microsoft advisory (CVE-2017-11883).");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaw exists due to an error in ASP.NET
Core which improperly handles certain crafted web requests.");
script_tag(name:"impact", value:"Successful exploitation will allow remote
attackers to cause a denial-of-service condition.");
script_tag(name:"affected", value:"- Microsoft ASP.NET Core 1.0 using packages 'Microsoft.AspNetCore.Server.WebListener' and 'Microsoft.Net.Http.Server' with version 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4 or 1.0.5
- Microsoft ASP.NET Core 1.1 using packages 'Microsoft.AspNetCore.Server.WebListener' and 'Microsoft.Net.Http.Server' with version 1.1.0, 1.1.1, 1.1.2 or 1.1.3
- Microsoft ASP.NET Core 2.0 using packages 'Microsoft.AspNetCore.Server.HttpSys' with version 2.0.0 and 2.0.1");
script_tag(name:"solution", value:"Upgrade Microsoft ASP.NET Core 1.0 to use
package 'Microsoft.AspNetCore.Server.WebListener' and 'Microsoft.Net.Http.Server'
version 1.0.6 or later. Also upgrade Microsoft ASP.NET Core 1.1 to use package
'Microsoft.AspNetCore.Server.WebListener' and 'Microsoft.Net.Http.Server' version
1.1.4 or later. Upgrade Microsoft ASP.NET Core 2.0 to use package
'Microsoft.AspNetCore.Server.HttpSys' version 2.0.2 or later.
Please see the references for more info.");
script_tag(name:"qod_type", value:"executable_version");
script_tag(name:"solution_type", value:"VendorFix");
script_copyright("Copyright (C) 2017 Greenbone AG");
script_category(ACT_GATHER_INFO);
script_family("Windows");
script_dependencies("smb_reg_service_pack.nasl", "gb_wmi_access.nasl", "lsc_options.nasl");
script_mandatory_keys("WMI/access_successful", "SMB/WindowsVersion");
script_exclude_keys("win/lsc/disable_wmi_search");
exit(0);
}
include("smb_nt.inc");
include("version_func.inc");
include("misc_func.inc");
include("wmi_file.inc");
include("list_array_func.inc");
infos = kb_smb_wmi_connectinfo();
if( ! infos ) exit( 0 );
handle = wmi_connect( host:infos["host"], username:infos["username_wmi_smb"], password:infos["password"] );
if( ! handle ) exit( 0 );
# TODO: Limit to a possible known common path
fileList1 = wmi_file_fileversion( handle:handle, fileName:"Microsoft.AspNetCore.Server.WebListener", fileExtn:"dll", includeHeader:FALSE );
fileList2 = wmi_file_fileversion( handle:handle, fileName:"Microsoft.Net.Http.Server", fileExtn:"dll", includeHeader:FALSE );
fileList3 = wmi_file_fileversion( handle:handle, fileName:"Microsoft.AspNetCore.Server.HttpSys", fileExtn:"dll", includeHeader:FALSE );
wmi_close( wmi_handle:handle );
if( ! fileList1 && ! fileList2 && ! fileList3 ) {
exit( 0 );
}
report = "";
if( fileList1 && is_array( fileList1 ) ) {
foreach filePath1( keys( fileList1 ) ) {
vers1 = fileList1[filePath1];
if( vers1 && version1 = eregmatch( string:vers1, pattern:"^([0-9.]+)" ) ) {
if( version1[1] =~ "^1\.0" && version_is_less( version:version1[1], test_version:"1.0.6" ) ) {
VULN = TRUE;
report += report_fixed_ver( file_version:version1[1], file_checked:filePath1, fixed_version:"1.0.6" ) + '\n';
} else if( version1[1] =~ "^1\.1" && version_is_less( version:version1[1], test_version:"1.1.4" ) ) {
VULN = TRUE;
report += report_fixed_ver( file_version:version1[1], file_checked:filePath1, fixed_version:"1.1.4" ) + '\n';
}
}
}
}
if( fileList2 && is_array( fileList2 ) ) {
foreach filePath2( keys( fileList2 ) ) {
vers2 = fileList2[filePath2];
if( vers2 && version2 = eregmatch( string:vers2, pattern:"^([0-9.]+)" ) ) {
if( version2[1] =~ "^1\.0" && version_is_less( version:version2[1], test_version:"1.0.6" ) ) {
VULN = TRUE;
report += report_fixed_ver( file_version:version2, file_checked:filePath2, fixed_version:"1.0.6" ) + '\n';
} else if( version2[1] =~ "^1\.1" && version_is_less( version:version2[1], test_version:"1.1.4" ) ) {
VULN = TRUE;
report += report_fixed_ver( file_version:version2[1], file_checked:filePath2, fixed_version:"1.1.4" ) + '\n';
}
}
}
}
if( fileList3 && is_array( fileList3 ) ) {
foreach filePath3( keys( fileList3 ) ) {
vers3 = fileList3[filePath3];
if( vers3 && version3 = eregmatch( string:vers3, pattern:"^([0-9.]+)" ) ) {
if( version3[1] =~ "^2\.0" && version_is_less( version:version3[1], test_version:"2.0.2" ) ) {
VULN = TRUE;
report += report_fixed_ver( file_version:version3[1], file_checked:filePath3, fixed_version:"2.0.2" ) + '\n';
}
}
}
}
if( VULN ) {
security_message( port:0, data:report );
exit( 0 );
}
exit( 99 );
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.6 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.1%