Endpoint Vulnerability

Microsoft: .NET Framework Denial Of Service Vulnerability

Description

A denial of service vulnerability exists when .NET Framework improperly handles special web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests.

Affected Products

Microsoft .NET Framework 4.5.2 on Windows RT 8.1,Microsoft .NET Framework 4.7.2 on Windows Server, version 1803 (Server Core Installation),Microsoft .NET Framework 3.5 on Windows Server, version 1803 (Server Core Installation),Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1,Microsoft .NET Framework 3.5 on Windows Server, version 1709 (Server Core Installation),Windows Server 2016,Microsoft .NET Framework 4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation),Windows Server 2012,Windows 8,Windows Server 2008

References

CVE-2018-8517,