Vulnerability in Microsoft Asp.net Core
CVE-2018-8356
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET F…
EPSS: 0.002 (43.8th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Asp.net Core — versions 1.0, 1.1, 2.0
- Microsoft .Net Framework — versions 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2, 3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2, 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft .Net Core — versions 1.0, 1.1, 2.0
- Microsoft .Net Framework — versions 4.7.2 Developer Pack
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356 (x_refsource_CONFIRM)
- 104664 (vdb-entry, x_refsource_BID)
- 1041257 (vdb-entry, x_refsource_SECTRACK)