CVE-2017-0248
UNKNOWN
Published 2017-05-12T14:00:00
Actions:
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2017-0248. We'll provide specific mitigation strategies based on your environment and risk profile.
No CVSS data available
Description
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
✓ GitHub Reviewed
MODERATE
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
GHSA-ch6p-4jcm-h8vhAdvisory Details
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
Affected Packages
NuGet
Microsoft.AspNetCore.Mvc
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Core
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Core
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
System.Net.Http
ECOSYSTEM:
≥4.1.1
<4.1.2
NuGet
System.Net.Http
ECOSYSTEM:
≥4.3.1
<4.3.2
NuGet
System.Text.Encodings.Web
ECOSYSTEM:
≥4.0.0
<4.0.1
NuGet
System.Text.Encodings.Web
ECOSYSTEM:
≥4.3.0
<4.3.1
NuGet
System.Net.Http.WinHttpHandler
ECOSYSTEM:
≥4.0.0
<4.0.1
NuGet
System.Net.Http.WinHttpHandler
ECOSYSTEM:
≥4.3.0
<4.3.1
NuGet
System.Net.Security
ECOSYSTEM:
≥4.0.0
<4.0.1
NuGet
System.Net.Security
ECOSYSTEM:
≥4.3.0
<4.3.1
NuGet
System.Net.WebSockets.Client
ECOSYSTEM:
≥4.0.0
<4.0.1
NuGet
System.Net.WebSockets.Client
ECOSYSTEM:
≥4.3.0
<4.3.1
NuGet
Microsoft.AspNetCore.Mvc.Abstractions
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Abstractions
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.ApiExplorer
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.ApiExplorer
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Cors
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Cors
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.DataAnnotations
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.DataAnnotations
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Formatters.Json
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Formatters.Json
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Formatters.Xml
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Formatters.Xml
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Localization
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Localization
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Razor.Host
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Razor.Host
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Razor
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Razor
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.TagHelpers
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.TagHelpers
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.ViewFeatures
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.ViewFeatures
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.WebApiCompatShim
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.WebApiCompatShim
ECOSYSTEM:
≥1.1.0
<1.1.3
CVSS Scoring
CVSS Score
5.0
References
Advisory provided by GitHub Security Advisory Database. Published: October 16, 2018, Modified: February 28, 2024
References
Published: 2017-05-12T14:00:00
Last Modified: 2024-08-05T12:55:19.143Z
Copied to clipboard!