CVE-2018-8517 — Microsoft NET Framework vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

14.4%

top 5.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft NET Framework Microsoft NET Framework

Timeline

PublishedDec 12

Latest updateMay 13

Description

A denial of service vulnerability exists when .NET Framework improperly handles special web requests, aka ".NET Framework Denial Of Service Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDmicrosoft/net_framework9 versions+8

▶CVEListV5microsoft/microsoft_net_framework70 versions+69

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-6m2p-4g25-m3gv: A denial of service vulnerability exists when↗2022-05-13

▶

CVEList

CVE-2018-8517: A denial of service vulnerability exists when↗2018-12-12

▶

📋Vendor Advisories

Microsoft

.NET Framework Denial Of Service Vulnerability↗2018-12-11

▶