CVE-2017-8585: Input Validation
First published: Tue Jul 11 2017(Updated: )
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft .NET Framework | =4.6 | |
| Microsoft .NET Framework | =4.6.1 | |
| Microsoft .NET Framework | =4.6.2 | |
| Microsoft .NET Framework | =4.7 | |
| redhat/dotnetcore | <1.0.7 | 1.0.7 |
| redhat/dotnetcore | <1.1.4 | 1.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/99432
- http://www.securitytracker.com/id/1038864
- https://access.redhat.com/errata/RHSA-2017:3248
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8585
- https://github.com/dotnet/announcements/issues/34
- https://github.com/dotnet/corefx/issues/24703
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8585
- https://www.sidertia.com/Home/Community/Blog/2017/07/14/Microsoft-fixes-the-CVE-2017-8585-security-vulnerability-discovered-by-Sidertia-Team
- https://bugzilla.redhat.com/show_bug.cgi?id=1512982
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-8585
- agent/software-canonical-lookup
- agent/references
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft .net framework
- version/microsoft .net framework/4.6
- version/microsoft .net framework/4.6.1
- version/microsoft .net framework/4.6.2
- version/microsoft .net framework/4.7
- package-manager/redhat