Test ID:	1.3.6.1.4.1.25623.1.0.812099
Category:	Windows
Title:	Microsoft ASP.NET Core Denial of Service Vulnerability
Summary:	This host is missing an important security; update according to Microsoft advisory (CVE-2017-11883).
Description:	Summary: This host is missing an important security update according to Microsoft advisory (CVE-2017-11883). Vulnerability Insight: The flaw exists due to an error in ASP.NET Core which improperly handles certain crafted web requests. Vulnerability Impact: Successful exploitation will allow remote attackers to cause a denial-of-service condition. Affected Software/OS: - Microsoft ASP.NET Core 1.0 using packages 'Microsoft.AspNetCore.Server.WebListener' and 'Microsoft.Net.Http.Server' with version 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4 or 1.0.5 - Microsoft ASP.NET Core 1.1 using packages 'Microsoft.AspNetCore.Server.WebListener' and 'Microsoft.Net.Http.Server' with version 1.1.0, 1.1.1, 1.1.2 or 1.1.3 - Microsoft ASP.NET Core 2.0 using packages 'Microsoft.AspNetCore.Server.HttpSys' with version 2.0.0 and 2.0.1 Solution: Upgrade Microsoft ASP.NET Core 1.0 to use package 'Microsoft.AspNetCore.Server.WebListener' and 'Microsoft.Net.Http.Server' version 1.0.6 or later. Also upgrade Microsoft ASP.NET Core 1.1 to use package 'Microsoft.AspNetCore.Server.WebListener' and 'Microsoft.Net.Http.Server' version 1.1.4 or later. Upgrade Microsoft ASP.NET Core 2.0 to use package 'Microsoft.AspNetCore.Server.HttpSys' version 2.0.2 or later. Please see the references for more info. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-11883 BugTraq ID: 101835 http://www.securityfocus.com/bid/101835 http://www.securitytracker.com/id/1039793
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.