| Title | Microsoft .NET Framework および .NET Core におけるサービス運用妨害 (DoS) の脆弱性 |
|---|---|
| Summary | Microsoft .NET Framework および .NET Core には、XML ドキュメントの処理に不備があるため、サービス運用妨害 (DoS) 状態にされる脆弱性が存在します。 ベンダは、本脆弱性を「.NET および .NET Core のサービス拒否の脆弱性」として公開しています。 本脆弱性は、CVE-2018-0765 とは異なる脆弱性です。 |
| Possible impacts | サービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Jan. 9, 2018, midnight |
| Registration Date | Feb. 2, 2018, 12:40 p.m. |
| Last Update | Feb. 2, 2018, 12:40 p.m. |
| CVSS3.0 : 重要 | |
| Score | 7.5 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVSS2.0 : 警告 | |
| Score | 5 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| マイクロソフト |
| .NET Core 1.0 |
| .NET Core 1.1 |
| .NET Core 2.0 |
| Microsoft .NET Framework 2.0 SP2 |
| Microsoft .NET Framework 3.0 SP2 |
| Microsoft .NET Framework 3.5 |
| Microsoft .NET Framework 3.5.1 |
| Microsoft .NET Framework 4.5.2 |
| Microsoft .NET Framework 4.6 |
| Microsoft .NET Framework 4.6.1 |
| Microsoft .NET Framework 4.6.2 |
| Microsoft .NET Framework 4.7 |
| Microsoft .NET Framework 4.7.1 |
| PowerShell Core 6.0.0 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2018年02月02日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. |
|---|---|
| Publication Date | Jan. 10, 2018, 10:29 a.m. |
| Registration Date | March 1, 2021, 6:38 p.m. |
| Last Update | Nov. 21, 2024, 12:38 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:* | |||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:* | ||||
| 3 | cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:* | ||||
| 4 | cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:* | ||||
| 5 | cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* | ||||
| 6 | cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* | ||||
| 7 | cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* | ||||
| 8 | cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* | ||||
| 3 | cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* | ||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* | ||||
| 3 | cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* | ||||
| 4 | cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* | ||||
| 5 | cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* | ||||
| 6 | cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* | ||||
| 7 | cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* | ||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* | ||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:* | ||||
| Configuration8 | or higher | or less | more than | less than | |
| cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* | ||||
| Configuration9 | or higher | or less | more than | less than | |
| cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* | ||||
| 3 | cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* | ||||
| 4 | cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* | ||||
| 5 | cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* | ||||
| 6 | cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* | ||||
| Configuration10 | or higher | or less | more than | less than | |
| cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:* | ||||
| Configuration11 | or higher | or less | more than | less than | |
| cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* | ||||