Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2017-0248

Good to know:

icon
icon

Date: May 12, 2017

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

Language: C#

Severity Score

Related Resources (7)

http://www.securitytracker.com/id/1038458
https://nvd.nist.gov/vuln/detail/CVE-2017-0248
http://www.securityfocus.com/bid/98117
https://github.com/aspnet/Announcements/issues/239
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0248
https://github.com/advisories/GHSA-ch6p-4jcm-h8vh
https://www.mend.io/vulnerability-database/CVE-2017-0248

Severity Score

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

Security Features

CWE-254

Top Fix

icon

Upgrade Version

Upgrade to version Microsoft.AspNetCore.Mvc - 1.0.4;Microsoft.AspNetCore.Mvc - 1.1.3;Microsoft.AspNetCore.Mvc.Core - 1.0.4;Microsoft.AspNetCore.Mvc.Core - 1.1.3;System.Net.Http - 4.1.2;System.Net.Http - 4.3.2;System.Text.Encodings.Web - 4.0.1;System.Text.Encodings.Web - 4.3.1;System.Net.Http.WinHttpHandler - 4.0.1;System.Net.Http.WinHttpHandler - 4.3.1;System.Net.Security - 4.0.1;System.Net.Security - 4.3.1;System.Net.WebSockets.Client - 4.0.1;System.Net.WebSockets.Client - 4.3.1;Microsoft.AspNetCore.Mvc.Abstractions - 1.0.4;Microsoft.AspNetCore.Mvc.Abstractions - 1.1.3;Microsoft.AspNetCore.Mvc.ApiExplorer - 1.0.4;Microsoft.AspNetCore.Mvc.ApiExplorer - 1.1.3;Microsoft.AspNetCore.Mvc.Cors - 1.0.4;Microsoft.AspNetCore.Mvc.Cors - 1.1.3;Microsoft.AspNetCore.Mvc.DataAnnotations - 1.0.4;Microsoft.AspNetCore.Mvc.DataAnnotations - 1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Json - 1.0.4;Microsoft.AspNetCore.Mvc.Formatters.Json - 1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Xml - 1.0.4;Microsoft.AspNetCore.Mvc.Formatters.Xml - 1.1.3;Microsoft.AspNetCore.Mvc.Localization - 1.0.4;Microsoft.AspNetCore.Mvc.Localization - 1.1.3;Microsoft.AspNetCore.Mvc.Razor.Host - 1.0.4;Microsoft.AspNetCore.Mvc.Razor.Host - 1.1.3;Microsoft.AspNetCore.Mvc.Razor - 1.0.4;Microsoft.AspNetCore.Mvc.Razor - 1.1.3;Microsoft.AspNetCore.Mvc.TagHelpers - 1.0.4;Microsoft.AspNetCore.Mvc.TagHelpers - 1.1.3;Microsoft.AspNetCore.Mvc.ViewFeatures - 1.0.4;Microsoft.AspNetCore.Mvc.ViewFeatures - 1.1.3;Microsoft.AspNetCore.Mvc.WebApiCompatShim - 1.0.4;Microsoft.AspNetCore.Mvc.WebApiCompatShim - 1.1.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us