Main Vulnerability Database Vulnerabilities #VU5506

#VU5506 Improper input validation in ASP.NET Core MVC

Published: January 27, 2017 / Updated: January 30, 2017

Vulnerability identifier: #VU5506

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
ASP.NET Core MVC

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to cause denial of service.

The vulnerability exists due to improper input validation when processing HTTP requests within Microsoft.AspNetCore.Mvc.Core. A remote attacker can send a specially crafted HTTP request to affected web service and cause denial of service (DoS).

Successful exploitation of the vulnerability may allow an attacker to perform denial of service attacks.

Remediation

Update ASP.NET Core MVC to version 1.1.1

External links

https://technet.microsoft.com/en-us/library/security/4010983.aspx