Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2018-0607
Good to know:
Date: July 10, 2018
Denial of service vulnerability in ASP.NET Core when a malformed request is terminated.
Language: C#
Severity Score
Severity Score
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400Top Fix
Upgrade Version
Upgrade to version Microsoft.ServiceFabric.AzureFiles.VolumePlugin - no_fix;JonasMH.Swashbuckle.AspNetCore.Cli - no_fix;MicrosoftDynamicsManager - 1.0.1;Stubby.ConsoleRunner - no_fix;wk.VideoServer - no_fix;Tennis - no_fix;Microsoft.ServiceFabric.VolumeDriver - no_fix;Swashbuckle.AspNetCore.Cli.Gpn - no_fix;Xam.Plugin.LiveSync - no_fix;NSwag.MSBuild - 12.0.2;Microsoft.Azure.SignalR.Benchmark - no_fix;Minima.GlobalTool - no_fix;Musement.LambdaExec - no_fix;Microsoft.AspNetCore.All - 2.0.9;Microsoft.AspNetCore.All - 2.1.2;dotnet-oads - 1.2.2;Diffstore.DBMS - no_fix;codemanderdebugger-x86 - 1.0.12;lunet - 0.1.0-alpha.2;Microsoft.AspNetCore.Server.Kestrel.Core - 2.0.4;Microsoft.AspNetCore.Server.Kestrel.Core - 2.1.2;VirtoCommerce.GlobalTool - 3.810.0-alpha.236;VirtoCommerce.GlobalTool - 3.0.0-beta0004;ReactES6.Web - 0.0.4;codemanderdebugger-x64 - 1.0.12;Swashbuckle.AspNetCore.Cli - 7.0.0;JoeDoe.Swashbuckle.AspNetCore.Cli - no_fix;Plexus.Interop.Broker.Redist-win-x86 - 0.4.0-beta.1;ind-studio-scada - no_fix;codemanderdebugger - no_fix;SourceBrowser - 1.0.19;Microsoft.dotnet-signalr-benchmark - 1.0.0-preview2.19516.1;MarkdownPages.CLI - no_fix;Microsoft.AspNetCore.App - 2.1.2;asvishnyakov.VirtoCommerce.GlobalTool - no_fix;Higrow.AspNetCore.Cli - 6.5.1
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |