Main Vulnerability Database Vulnerabilities #VU5506

Improper input validation in ASP.NET Core MVC - #VU5506

Published: January 27, 2017 / Updated: January 30, 2017

Vulnerability identifier: #VU5506

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
ASP.NET Core MVC

Detailed vulnerability description

The vulnerability allows a remote attacker to cause denial of service.

The vulnerability exists due to improper input validation when processing HTTP requests within Microsoft.AspNetCore.Mvc.Core. A remote attacker can send a specially crafted HTTP request to affected web service and cause denial of service (DoS).

Successful exploitation of the vulnerability may allow an attacker to perform denial of service attacks.

Remediation

Update ASP.NET Core MVC to version 1.1.1

Sources

https://technet.microsoft.com/en-us/library/security/4010983.aspx

Improper input validation in ASP.NET Core MVC - #VU5506

Detailed vulnerability description

Remediation

Sources

Please verify you're human