Security Updates for Microsoft .NET core and ASP.NET (DoS) (July 2018)

Medium Nessus Plugin ID 111071

Synopsis

The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.

Description

The Microsoft ASP.NET Core installations on the remote host are missing a security update. It is, therefore, affected by the following vulnerability :

- A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates.
An attacker could present expired certificates when challenged. The security update addresses the vulnerability by ensuring that .NET Framework components correctly validate certificates. (CVE-2018-8356)

Solution

Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.

See Also

http://www.nessus.org/u?3e10f501

https://github.com/aspnet/Announcements/issues/311

Plugin Details

Severity: Medium

ID: 111071

File Name: smb_nt_ms18_jul_aspdotnet_core_CVE-2018-8356.nasl

Version: 1.3

Type: local

Agent: windows

Published: 2018/07/13

Modified: 2018/09/17

Dependencies: 104667

Risk Information

Risk Factor: Medium

CVSS Score Source: manual

CVSS Score Rationale: Nvd score unavailable. assigned cvss score for bypass.

CVSSv2

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSSv3

Base Score: 5.6

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:microsoft:aspnet_core

Required KB Items: installed_sw/ASP .NET Core Windows

Patch Publication Date: 2018/07/10

Vulnerability Publication Date: 2018/07/10

Reference Information

CVE: CVE-2018-8356

BID: 104664

MSKB: 4339279

MSFT: MS18-4339279