CVE-2017-0248
published 2017-05-12CVE-2017-0248: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a…
high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
Affected
52 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft.aspnetcore.mvc.abstractions | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.abstractions | >= 1.1.0 < 1.1.3 | 1.1.3 |
| microsoft | microsoft.aspnetcore.mvc.apiexplorer | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.apiexplorer | >= 1.1.0 < 1.1.3 | 1.1.3 |
| microsoft | microsoft.aspnetcore.mvc.cors | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.cors | >= 1.1.0 < 1.1.3 | 1.1.3 |
| microsoft | microsoft.aspnetcore.mvc.dataannotations | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.dataannotations | >= 1.1.0 < 1.1.3 | 1.1.3 |
| microsoft | microsoft.aspnetcore.mvc.formatters.json | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.formatters.json | >= 1.1.0 < 1.1.3 | 1.1.3 |
| microsoft | microsoft.aspnetcore.mvc.formatters.xml | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.formatters.xml | >= 1.1.0 < 1.1.3 | 1.1.3 |
| microsoft | microsoft.aspnetcore.mvc.localization | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.localization | >= 1.1.0 < 1.1.3 | 1.1.3 |
| microsoft | microsoft.aspnetcore.mvc.razor | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.razor | >= 1.1.0 < 1.1.3 | 1.1.3 |
| microsoft | microsoft.aspnetcore.mvc.razor.host | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.razor.host | >= 1.1.0 < 1.1.3 | 1.1.3 |
| microsoft | microsoft.aspnetcore.mvc.taghelpers | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.taghelpers | >= 1.1.0 < 1.1.3 | 1.1.3 |
| microsoft | microsoft.aspnetcore.mvc.viewfeatures | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.viewfeatures | >= 1.1.0 < 1.1.3 | 1.1.3 |
| microsoft | microsoft.aspnetcore.mvc.webapicompatshim | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.webapicompatshim | >= 1.1.0 < 1.1.3 | 1.1.3 |
| microsoft | net_framework | — | — |