.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka .NET CORE Denial Of Service Vulnerability.
The product does not validate, or incorrectly validates, a certificate.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Aspnetcore | Microsoft | 1.0 (including) | 1.0 (including) |
Aspnetcore | Microsoft | 1.1 (including) | 1.1 (including) |
Aspnetcore | Microsoft | 2.0 (including) | 2.0 (including) |