Vigil@nce - ASP.NET Core 1.1.0: denial of service via HTTP
March 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send malicious HTTP packets to an application
linked to ASP.NET Core 1.1.0, in order to trigger a denial of
service.
Impacted products: Windows 2008 R0, Windows 2008 R2, Windows 2012,
Windows 2016.
Severity: 2/4.
Creation date: 30/01/2017.
DESCRIPTION OF THE VULNERABILITY
The ASP.NET Core 1.1.0 product manages received HTTP queries.
However, when malicious HTTP queries are received, a fatal error
occurs.
An attacker can therefore send malicious HTTP packets to an
application linked to ASP.NET Core 1.1.0, in order to trigger a
denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/ASP-NET-Core-1-1-0-denial-of-service-via-HTTP-21708