Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2017-0248

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
microsoft / .net_framework 4.5.2 4.5.2.x
microsoft / .net_framework 2.0-sp2 2.0-sp2.x
microsoft / .net_framework 4.6.1 4.6.1.x
microsoft / .net_framework 4.6 4.6.x
microsoft / .net_framework 4.6.2 4.6.2.x
microsoft / .net_framework 3.5 3.5.x
microsoft / .net_framework 3.5.1 3.5.1.x
microsoft / .net_framework 4.7 4.7.x
.NET NuGet icon Microsoft.AspNetCore.Mvc 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc 1.1.0 1.1.3
.NET NuGet icon Microsoft.AspNetCore.Mvc.Core 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc.Core 1.1.0 1.1.3
.NET NuGet icon System.Net.Http 4.1.1 4.1.1.x
.NET NuGet icon System.Net.Http 4.1.1 4.1.2
.NET NuGet icon System.Net.Http 4.3.1 4.3.1.x
.NET NuGet icon System.Net.Http 4.3.1 4.3.2
.NET NuGet icon System.Text.Encodings.Web 4.0.0 4.0.0.x
.NET NuGet icon System.Text.Encodings.Web 4.0.0 4.0.1
.NET NuGet icon System.Text.Encodings.Web 4.3.0 4.3.0.x
.NET NuGet icon System.Text.Encodings.Web 4.3.0 4.3.1
.NET NuGet icon System.Net.Http.WinHttpHandler 4.0.0 4.0.0.x
.NET NuGet icon System.Net.Http.WinHttpHandler 4.0.0 4.0.1
.NET NuGet icon System.Net.Http.WinHttpHandler 4.3.0 4.3.0.x
.NET NuGet icon System.Net.Http.WinHttpHandler 4.3.0 4.3.1
.NET NuGet icon System.Net.Security 4.0.0 4.0.0.x
.NET NuGet icon System.Net.Security 4.0.0 4.0.1
.NET NuGet icon System.Net.Security 4.3.0 4.3.0.x
.NET NuGet icon System.Net.Security 4.3.0 4.3.1
.NET NuGet icon System.Net.WebSockets.Client 4.0.0 4.0.0.x
.NET NuGet icon System.Net.WebSockets.Client 4.0.0 4.0.1
.NET NuGet icon System.Net.WebSockets.Client 4.3.0 4.3.0.x
.NET NuGet icon System.Net.WebSockets.Client 4.3.0 4.3.1
.NET NuGet icon Microsoft.AspNetCore.Mvc.Abstractions 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc.Abstractions 1.1.0 1.1.3
.NET NuGet icon Microsoft.AspNetCore.Mvc.ApiExplorer 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc.ApiExplorer 1.1.0 1.1.3
.NET NuGet icon Microsoft.AspNetCore.Mvc.Cors 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc.Cors 1.1.0 1.1.3
.NET NuGet icon Microsoft.AspNetCore.Mvc.DataAnnotations 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc.DataAnnotations 1.1.0 1.1.3
.NET NuGet icon Microsoft.AspNetCore.Mvc.Formatters.Json 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc.Formatters.Json 1.1.0 1.1.3
.NET NuGet icon Microsoft.AspNetCore.Mvc.Formatters.Xml 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc.Formatters.Xml 1.1.0 1.1.3
.NET NuGet icon Microsoft.AspNetCore.Mvc.Localization 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc.Localization 1.1.0 1.1.3
.NET NuGet icon Microsoft.AspNetCore.Mvc.Razor.Host 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc.Razor.Host 1.1.0 1.1.3
.NET NuGet icon Microsoft.AspNetCore.Mvc.Razor 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc.Razor 1.1.0 1.1.3
.NET NuGet icon Microsoft.AspNetCore.Mvc.TagHelpers 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc.TagHelpers 1.1.0 1.1.3
.NET NuGet icon Microsoft.AspNetCore.Mvc.ViewFeatures 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc.ViewFeatures 1.1.0 1.1.3
.NET NuGet icon Microsoft.AspNetCore.Mvc.WebApiCompatShim 1.0.0 1.0.4
.NET NuGet icon Microsoft.AspNetCore.Mvc.WebApiCompatShim 1.1.0 1.1.3