.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka .NET CORE Denial Of Service Vulnerability.
The product does not validate, or incorrectly validates, a certificate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Aspnetcore | Microsoft | 1.0 (including) | 1.0 (including) |
| Aspnetcore | Microsoft | 1.1 (including) | 1.1 (including) |
| Aspnetcore | Microsoft | 2.0 (including) | 2.0 (including) |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnet20-dotnet-0:2.0.3-4.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnet20-dotnet-0:2.0.3-4.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnet20-dotnet-0:2.0.3-4.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnetcore10-dotnetcore-0:1.0.8-1.el7 | * |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnetcore11-dotnetcore-0:1.1.5-1.el7 | * |