Security Updates for Microsoft .NET core and ASP.NET (DoS) (July 2018)
Medium Nessus Plugin ID 111071
SynopsisThe Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.
DescriptionThe Microsoft ASP.NET Core installations on the remote host are missing a security update. It is, therefore, affected by the following vulnerability :
- A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates.
An attacker could present expired certificates when challenged. The security update addresses the vulnerability by ensuring that .NET Framework components correctly validate certificates. (CVE-2018-8356)
SolutionUpdate ASP.NET Core, remove vulnerable packages and refer to vendor advisory.