Security Updates for Microsoft .NET core and ASP.NET (DoS) (July 2018)

Medium Nessus Plugin ID 111071


The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.


The Microsoft ASP.NET Core installations on the remote
host are missing a security update. It is, therefore,
affected by the following vulnerability :

- A security feature bypass vulnerability exists when Microsoft
.NET Framework components do not correctly validate certificates.
An attacker could present expired certificates when challenged. The
security update addresses the vulnerability by ensuring that .NET
Framework components correctly validate certificates. (CVE-2018-8356)


Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.

See Also

Plugin Details

Severity: Medium

ID: 111071

File Name: smb_nt_ms18_jul_aspdotnet_core_CVE-2018-8356.nasl

Version: 1.3

Type: local

Agent: windows

Published: 2018/07/13

Modified: 2018/09/17

Dependencies: 104667

Risk Information

Risk Factor: Medium

CVSS Score Source: manual

CVSS Score Rationale: Nvd score unavailable. assigned cvss score for bypass.

CVSS v2.0

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 5.6

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:microsoft:aspnet_core

Patch Publication Date: 2018/07/10

Vulnerability Publication Date: 2018/07/10

Reference Information

CVE: CVE-2018-8356

BID: 104664

MSKB: 4339279

MSFT: MS18-4339279