What is CVE-2018-8356?

CVE-2018-8356 is a security feature bypass vulnerability in Microsoft .NET Framework components.

How severe is the vulnerability CVE-2018-8356?

The severity of CVE-2018-8356 is medium, with a severity value of 5.5.

How does CVE-2018-8356 work?

CVE-2018-8356 occurs when Microsoft .NET Framework components fail to correctly validate certificates, leading to a security feature bypass.

Where can I find more information about CVE-2018-8356?

More information about CVE-2018-8356 can be found on the following websites: http://www.securityfocus.com/bid/104664, http://www.securitytracker.com/id/1041257, https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356.

Vulnerability/
CVE-2018-8356

medium

5.5

CWE

295

11/7/2018

23/5/2022

CVE-2018-8356

First published: Wed Jul 11 2018(Updated: )

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft .NET Framework	=3.0-sp2
Microsoft Windows Server 2008	=sp2
Microsoft .NET Framework	=3.5
Microsoft Windows 10
Microsoft Windows 10	=1607
Microsoft Windows 10	=1703
Microsoft Windows 10	=1709
Microsoft Windows 10	=1803
Microsoft Windows 8.1
Microsoft Windows Server	=1803
Microsoft Windows Server 2012
Microsoft Windows Server 2012	=r2
Microsoft Windows Server 2016
Microsoft .NET Framework	=3.5.1
Microsoft Windows 7	=sp1
Microsoft Windows Server 2008	=r2-sp1
Microsoft .NET Framework	=4.5.2
Microsoft Windows RT 8.1
Microsoft Windows Server 2008	=sp2
Microsoft .NET Framework	=4.6
Microsoft .NET Framework	=4.6.2
Microsoft .NET Framework	=4.7
Microsoft .NET Framework	=4.7.1
Microsoft .NET Framework	=4.7.2
Microsoft Windows Server 2016
Microsoft .NET Framework	=4.6.1
Microsoft Powershell Core	=6.0
Microsoft Powershell Core	=6.1
Microsoft .NET Core	=1.0
Microsoft .NET Core	=1.1
Microsoft .NET Core	=2.0
Microsoft .net Framework Developer Pack	=4.7.2
Microsoft ASP.NET Core	=1.0
Microsoft ASP.NET Core	=1.1
Microsoft ASP.NET Core	=2.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-8356?
CVE-2018-8356 is a security feature bypass vulnerability in Microsoft .NET Framework components.
Which versions of .NET Framework are affected by CVE-2018-8356?
CVE-2018-8356 affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2.
How severe is the vulnerability CVE-2018-8356?
The severity of CVE-2018-8356 is medium, with a severity value of 5.5.
How does CVE-2018-8356 work?
CVE-2018-8356 occurs when Microsoft .NET Framework components fail to correctly validate certificates, leading to a security feature bypass.
Where can I find more information about CVE-2018-8356?
More information about CVE-2018-8356 can be found on the following websites: http://www.securityfocus.com/bid/104664, http://www.securitytracker.com/id/1041257, https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356.

agent/type
agent/softwarecombine
agent/last-modified-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/references
agent/severity
agent/remedy
agent/weakness
agent/author
agent/tags
agent/first-publish-date
agent/description
agent/event
vendor/microsoft
canonical/microsoft .net framework
version/microsoft .net framework/3.0-sp2
canonical/microsoft windows server 2008
version/microsoft windows server 2008/sp2
version/microsoft .net framework/3.5
canonical/microsoft windows 10
version/microsoft windows 10/1607
version/microsoft windows 10/1703
version/microsoft windows 10/1709
version/microsoft windows 10/1803
canonical/microsoft windows 8.1
canonical/microsoft windows server
version/microsoft windows server/1803
canonical/microsoft windows server 2012
version/microsoft windows server 2012/r2
canonical/microsoft windows server 2016
version/microsoft .net framework/3.5.1
canonical/microsoft windows 7
version/microsoft windows 7/sp1
version/microsoft windows server 2008/r2-sp1
version/microsoft .net framework/4.5.2
canonical/microsoft windows rt 8.1
version/microsoft .net framework/4.6
version/microsoft .net framework/4.6.2
version/microsoft .net framework/4.7
version/microsoft .net framework/4.7.1
version/microsoft .net framework/4.7.2
version/microsoft .net framework/4.6.1
canonical/microsoft powershell core
version/microsoft powershell core/6.0
version/microsoft powershell core/6.1
canonical/microsoft .net core
version/microsoft .net core/1.0
version/microsoft .net core/1.1
version/microsoft .net core/2.0
canonical/microsoft .net framework developer pack
version/microsoft .net framework developer pack/4.7.2
canonical/microsoft asp.net core
version/microsoft asp.net core/1.0
version/microsoft asp.net core/1.1
version/microsoft asp.net core/2.0

CVE-2018-8356

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-8356?

Which versions of .NET Framework are affected by CVE-2018-8356?

How severe is the vulnerability CVE-2018-8356?

How does CVE-2018-8356 work?

Where can I find more information about CVE-2018-8356?

Company

Resources

Contact