Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2018 Greenbone AGOPENVAS:1361412562310813043
HistoryMar 16, 2018 - 12:00 a.m.

ASP.NET Core Denial of Service Vulnerability - Windows

2018-03-1600:00:00
Copyright (C) 2018 Greenbone AG
plugins.openvas.org
44

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.2%

JSON

ASP.NET Core is prone to a denial of service (DoS) vulnerability.

# SPDX-FileCopyrightText: 2018 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:microsoft:asp.net_core";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.813043");
  script_version("2024-02-15T05:05:40+0000");
  script_cve_id("CVE-2018-0875");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"last_modification", value:"2024-02-15 05:05:40 +0000 (Thu, 15 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-08-24 17:37:00 +0000 (Mon, 24 Aug 2020)");
  script_tag(name:"creation_date", value:"2018-03-16 11:09:04 +0530 (Fri, 16 Mar 2018)");
  script_name("ASP.NET Core Denial of Service Vulnerability - Windows");

  script_tag(name:"summary", value:"ASP.NET Core is prone to a denial of service (DoS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The flaw exists in the way that .NET Core
  handles specially crafted requests, causing a hash collision.");

  script_tag(name:"impact", value:"Successful exploitation will allow an
  attacker to cause performance to degrade significantly enough to cause a
  denial of service condition.");

  script_tag(name:"affected", value:".NET Core 1.0.9 and prior, 1.1.x to 1.1.6, and 2.0.x to  2.0.5 and
  .NET Core SDK prior to versions 1.1.8, 2.1.x to 2.1.101.");

  script_tag(name:"solution", value:"Upgrade to .NET Core runtimes to versions
  1.0.10, 1.1.7 or 2.0.6 or later or upgrade to .NET Core SDK to versions 1.1.8
  or 2.1.101 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"registry");
  script_xref(name:"URL", value:"https://github.com/dotnet/announcements/issues/62");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/103225");
  script_xref(name:"URL", value:"https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.0-preview1.md");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2018 Greenbone AG");
  script_family("Windows");
  script_dependencies("gb_asp_dotnet_core_detect_win.nasl");
  script_mandatory_keys("ASP.NET/Core/Ver");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);
coreVers = infos['version'];
path = infos['location'];

if(!coreVers || coreVers !~ "^(1\.[01]|2\.0)"){
  exit(0);
}

if(!corerunVer = get_kb_item(".NET/Core/Runtime/Ver"))
{
  if(!codesdkVer = get_kb_item(".NET/Core/SDK/Ver")){
    exit(0);
  }
}

if(corerunVer)
{
  if(version_in_range(version:corerunVer, test_version:"1.0", test_version2:"1.0.9")){
    fix = "1.0.10";
  }
  else if(version_in_range(version:corerunVer, test_version:"1.1", test_version2:"1.1.6")){
    fix = "1.1.7";
  }
  else if(version_in_range(version:corerunVer, test_version:"2.0", test_version2:"2.0.5")){
    fix = "2.0.6";
  }
}

else if(codesdkVer)
{
  if(version_in_range(version:codesdkVer, test_version:"1.1", test_version2:"1.1.7")){
    fix1 = "1.1.8";
  }
  else if(version_in_range(version:codesdkVer, test_version:"2.1", test_version2:"2.1.100")){
    fix1 = "2.1.101";
  }
}

if(fix)
{
  report = report_fixed_ver(installed_version:"ASP .NET Core With Microsoft .NET Core runtimes " + corerunVer,
               fixed_version:"ASP .NET Core With Microsoft .NET Core runtimes version " + fix, install_path:path);
  security_message(data:report);
  exit(0);
}

else if(fix1)
{
  report = report_fixed_ver(installed_version:"ASP .NET Core With Microsoft .NET Core SDK " + codesdkVer,
               fixed_version:"ASP .NET Core With Microsoft .NET Core SDK version " + fix1, install_path:path);
  security_message(data:report);
  exit(0);
}

exit(0);

Related

redhatcve 1
nvd 1
cve 1
openvas 3
mscve 1
veracode 2
nessus 2
osv 2
cvelist 1
symantec 1
prion 1
redhat 1
github 1
kaspersky 1
trendmicroblog 1
talosblog 1
redhatcve
redhatcve
CVE-2018-0875
2018-03-13 16:49:41
nvd
nvd
CVE-2018-0875
2018-03-14 17:29:00
cve
cve
CVE-2018-0875
2018-03-14 17:29:00
openvas
openvas
Microsoft PowerShell Core Denial of Service Vulnerability - Linux
2018-03-16 00:00:00
Microsoft PowerShell Core Denial of Service Vulnerability - Windows
2018-03-16 00:00:00
Microsoft PowerShell Core Denial of Service Vulnerability - Mac OS X
2018-03-16 00:00:00
mscve
mscve
.NET Core Denial of Service Vulnerability
2018-03-13 07:00:00
veracode
veracode
Denial Of Service (DoS)
2018-06-29 05:20:44
Denial Of Service (DoS)
2019-01-15 09:23:07
nessus
nessus
RHEL 7 : .NET Core on Red Hat Enterprise Linux (RHSA-2018:0522)
2018-03-16 00:00:00
Security Update for .NET Core (March 2018)
2018-03-16 00:00:00
osv
osv
CVE-2018-0875
2018-03-14 17:29:00
.NET Core Denial of Service Vulnerability
2022-05-13 01:07:06
cvelist
cvelist
CVE-2018-0875
2018-03-14 00:00:00
symantec
symantec
Microsoft .NET CVE-2018-0875 Denial Of Service Vulnerability
2018-03-13 00:00:00
prion
prion
Denial of service
2018-03-14 17:29:00
redhat
redhat
(RHSA-2018:0522) Low: .NET Core on Red Hat Enterprise Linux security update
2018-03-14 15:29:37
github
github
.NET Core Denial of Service Vulnerability
2022-05-13 01:07:06
kaspersky
kaspersky
KLA11210 Multiple vulnerabilities in Microsoft Developer Tools
2018-03-13 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 12, 2018
2018-03-16 15:14:43
talosblog
talosblog
Microsoft Patch Tuesday - March 2018
2018-03-13 14:38:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.2%

JSON
Related for OPENVAS:1361412562310813043
redhatcve1nvd1cve1openvas3mscve1veracode2nessus2osv2cvelist1symantec1prion1redhat1github1kaspersky1trendmicroblog1talosblog1