Security Updates for Microsoft .NET core and ASP.NET Core (DoS) (September 2018)

high Nessus Plugin ID 117481

Synopsis

The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages..

Description

The Microsoft ASP.NET Core installation on the remote host contains vulnerable packages. It is, therefore,affected by a Denial of Service vulnerability.

Solution

Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.

See Also

http://www.nessus.org/u?ffb9c6e3

http://www.nessus.org/u?08628312

https://github.com/aspnet/announcements/issues/316

https://github.com/dotnet/announcements/issues/83

Plugin Details

Severity: High

ID: 117481

File Name: smb_nt_ms18_sep_aspdotnet_core_CVE-2018-8409.nasl

Version: 1.8

Type: local

Agent: windows

Published: 9/13/2018

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2018-8409

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:asp.net_core

Exploit Ease: No known exploits are available

Patch Publication Date: 9/11/2018

Vulnerability Publication Date: 9/11/2018

Reference Information

CVE: CVE-2018-8409

BID: 105223