CVE-2017-0247

12.05.2017, 14:29

A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
microsoft	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Vendor	Product	Version
microsoft	asp.net_model_view_controller	1.0.0
microsoft	asp.net_model_view_controller	1.0.1
microsoft	asp.net_model_view_controller	1.0.2
microsoft	asp.net_model_view_controller	1.0.3
microsoft	asp.net_model_view_controller	1.1.0
microsoft	asp.net_model_view_controller	1.1.1
microsoft	asp.net_model_view_controller	1.1.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.3
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.3
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.0
microsoft	microsoft.aspnetcore.mvc.cors	1.0.1
microsoft	microsoft.aspnetcore.mvc.cors	1.0.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.3
microsoft	microsoft.aspnetcore.mvc.cors	1.1.0
microsoft	microsoft.aspnetcore.mvc.cors	1.1.1
microsoft	microsoft.aspnetcore.mvc.cors	1.1.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.3
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.0
microsoft	microsoft.aspnetcore.mvc.localization	1.0.1
microsoft	microsoft.aspnetcore.mvc.localization	1.0.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.3
microsoft	microsoft.aspnetcore.mvc.localization	1.1.0
microsoft	microsoft.aspnetcore.mvc.localization	1.1.1
microsoft	microsoft.aspnetcore.mvc.localization	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.3
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.3
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.3
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.2
microsoft	system.net.http	4.1.1
microsoft	system.net.http	4.3.1
microsoft	system.net.http.winhttphandler	4.0.1
microsoft	system.net.http.winhttphandler	4.3.0
microsoft	system.net.security	4.0.0
microsoft	system.net.security	4.3.0
microsoft	system.net.websockets.client	4.0.0
microsoft	system.net.websockets.client	4.3.0
microsoft	system.text.encodings.web	4.0.0
microsoft	system.text.encodings.web	4.3.0

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://github.com/aspnet/Announcements/issues/239

https://technet.microsoft.com/en-us/library/security/4021279.aspx

https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS

https://github.com/aspnet/Announcements/issues/239

https://technet.microsoft.com/en-us/library/security/4021279.aspx

https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS