CVE-2018-8269
published 2018-09-13CVE-2018-8269: A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects…
PriorityP354high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
25.75%
97.7th percentile
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft.data.odata | — | — |
| microsoft | microsoft.data.odata | >= 0 < 5.8.4 | 5.8.4 |
| msrc | asp.net_core_2.1 | — | — |
| msrc | asp.net_core_2.2 | — | — |
| msrc | microsoft.data.odata | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_msrc7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Denial of service in ASP.NET Core
osv·2018-10-16
CVE-2018-8269 [HIGH] Denial of service in ASP.NET Core
Denial of service in ASP.NET Core
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData.
GHSA
Denial of service in ASP.NET Core
ghsa·2018-10-16
CVE-2018-8269 [HIGH] Denial of service in ASP.NET Core
Denial of service in ASP.NET Core
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData.
Microsoft
OData Denial of Service Vulnerability
vendor_msrc·2018-09-11·CVSS 7.5
CVE-2018-8269 [HIGH] OData Denial of Service Vulnerability
OData Denial of Service Vulnerability
Description: A denial of service vulnerability exists when OData Library improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an OData web application.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the OData application.
The update addresses the vulnerability by correcting how the OData web application handles web requests.
ASP.NET: ASP.NET
Issuing CNA: Microsoft
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Remediation: Release Notes
Reference: https://www.nuget.org/package
No detection rules found.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/105322https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8269https://www.exploit-db.com/exploits/46101/http://www.securityfocus.com/bid/105322https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8269https://www.exploit-db.com/exploits/46101/
2018-09-13
Published