Asp Net Model View Controller
CVE-2017-0247
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.
AnalysisAI
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.1%.
Technical ContextAI
This vulnerability is classified under CWE-20. A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Affected products include: Microsoft Asp.Net Model View Controller, Microsoft Microsoft.Aspnetcore.Mvc.Abstractions, Microsoft Microsoft.Aspnetcore.Mvc.Apiexplorer, Microsoft Microsoft.Aspnetcore.Mvc.Cors, Microsoft Microsoft.Aspnetcore.Mvc.Dataannotations. Version information: before 1.0.4.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Rated high
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 thro
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated,
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Rated medium severity (CV
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today