Open mend-bolt-for-github[bot] opened 2 years ago
ASP.NET Core HTTP server that uses the Windows HTTP Server API.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.server.httpsys.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /packages/microsoft.aspnetcore.server.httpsys/2.0.1/microsoft.aspnetcore.server.httpsys.2.0.1.nupkg
Found in HEAD commit: d840abcb78fb6410e91d4b5d6b00866211891799
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Dependency Hierarchy: - :x: **microsoft.aspnetcore.server.httpsys.2.0.1.nupkg** (Vulnerable Library)
Found in base branch: master
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability".
Publish Date: 2017-11-15
URL: CVE-2017-11883
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Release Date: 2017-11-14
Fix Resolution: Microsoft.AspNetCore.Server.WebListener - 1.0.6,1.1.4;Microsoft.Net.Http.Server - 1.0.6,1.1.4;Microsoft.AspNetCore.Server.HttpSys - 2.0.2
ASP.NET Core HTTP server that uses the Windows HTTP Server API.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.server.httpsys.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /packages/microsoft.aspnetcore.server.httpsys/2.0.1/microsoft.aspnetcore.server.httpsys.2.0.1.nupkg
Found in HEAD commit: d840abcb78fb6410e91d4b5d6b00866211891799
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2017-11883
### Vulnerable Library - microsoft.aspnetcore.server.httpsys.2.0.1.nupkgASP.NET Core HTTP server that uses the Windows HTTP Server API.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.server.httpsys.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /packages/microsoft.aspnetcore.server.httpsys/2.0.1/microsoft.aspnetcore.server.httpsys.2.0.1.nupkg
Dependency Hierarchy: - :x: **microsoft.aspnetcore.server.httpsys.2.0.1.nupkg** (Vulnerable Library)
Found in HEAD commit: d840abcb78fb6410e91d4b5d6b00866211891799
Found in base branch: master
### Vulnerability Details.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability".
Publish Date: 2017-11-15
URL: CVE-2017-11883
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2017-11-14
Fix Resolution: Microsoft.AspNetCore.Server.WebListener - 1.0.6,1.1.4;Microsoft.Net.Http.Server - 1.0.6,1.1.4;Microsoft.AspNetCore.Server.HttpSys - 2.0.2
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)