microsoft asp-net-model-view-controller CVE-2017-0247 vulnerability in Microsoft Products
Published on May 12, 2017

A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

NVD


Products Associated with CVE-2017-0247

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Asp Net Model View Controller
 
Microsoft Aspnetcore Mvc Abstractions
 
Microsoft Aspnetcore Mvc Apiexplorer
 
Microsoft Aspnetcore Mvc Dataannotations
 
Microsoft Aspnetcore Mvc Formatters Xml
 
Microsoft System Text Encodings Web
 
Microsoft Aspnetcore Mvc Razor Host
 
Microsoft Aspnetcore Mvc Viewfeatures
 
Microsoft System Net Websockets Client
 
Microsoft Aspnetcore Mvc Localization
 
Microsoft Aspnetcore Mvc Formatters Json
 
Microsoft Aspnetcore Mvc Cors
 
Microsoft Aspnetcore Mvc Taghelpers
 
Microsoft Aspnetcore Mvc Webapicompatshim
 
Microsoft Aspnetcore Mvc Razor
 
Microsoft System Net Security
 
Microsoft System Net Http
 
Microsoft System Net Http Winhttphandler
 

Affected Versions

Microsoft Corporation ASP.NET Core Version ASP.NET Core is affected by CVE-2017-0247

Exploit Probability

EPSS
11.12%
Percentile
93.36%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.