Security Updates for Microsoft .NET core and ASP.NET (Bypass) (July 2018)

Medium Nessus Plugin ID 111070


The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.


The Microsoft .NET and ASP.NET installations on the remote
host are missing a security update. It is, therefore,
affected by the following vulnerability :

- A Security Feature Bypass vulnerability exists in
ASP.NET when the number of incorrect login attempts is
not validated. An attacker who successfully exploited
this vulnerability could try an infinite number of
authentication attempts. The update addresses the
vulnerability by validating the number of incorrect
login attempts. (CVE-2018-8171)


Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.

See Also

Plugin Details

Severity: Medium

ID: 111070

File Name: smb_nt_ms18_jul_aspdotnet_core_CVE-2018-8171.nasl

Version: 1.3

Type: local

Agent: windows

Published: 2018/07/13

Modified: 2018/09/17

Dependencies: 104667

Risk Information

Risk Factor: Medium

CVSS Score Source: manual

CVSS Score Rationale: Nvd score unavailable. assigned cvss score for bypass.

CVSS v2.0

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 5.6

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:microsoft:aspnet_core

Patch Publication Date: 2018/07/10

Vulnerability Publication Date: 2018/07/10

Reference Information

CVE: CVE-2018-8171

BID: 104659

MSKB: 4339279

MSFT: MS18-4339279