Vulnerability Name: CVE-2018-0765 (CCN-136902) Assigned: 2017-12-01 Published: 2018-05-08 Updated: 2018-06-14 Summary: A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-611 Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2018-0765 104060 Microsoft .NET CVE-2018-0765 Denial Of Service Vulnerability 1040851 ms-dotnet-cve20180765-dos(136902) .NET and .NET Core Denial Of Service Vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:.net_core:2.0:*:*:*:*:*:*:* Configuration 2 :cpe:/a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* Configuration 3 :cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1703:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1709:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1803:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_1803:-:*:*:*:*:*:x64:* Configuration 4 :cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:* Configuration 5 :cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* Configuration 6 :cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* Configuration 7 :cpe:/a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* Configuration 8 :cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* Configuration 9 :cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* Configuration 10 :cpe:/a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1709:*:*:*:*:*:*:* Configuration 11 :cpe:/a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1803:*:*:*:*:*:*:* Configuration 12 :cpe:/a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_10:1703:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_core:2.0:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:*:sp1:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server:1709:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server:1803:*:*:*:*:*:*:* BACK
microsoft .net core 2.0
microsoft .net framework 2.0 sp2
microsoft .net framework 3.0 sp2
microsoft windows server 2008 * sp2
microsoft .net framework 3.5
microsoft windows 10 -
microsoft windows 10 1607
microsoft windows 10 1703
microsoft windows 10 1709
microsoft windows 10 1803
microsoft windows 8.1 *
microsoft windows server 2012 *
microsoft windows server 2012 r2
microsoft windows server 2016 -
microsoft windows server 2016 1803
microsoft .net framework 3.5.1
microsoft windows 7 - sp1
microsoft windows server 2008 r2 sp1
microsoft .net framework 4.5.2
microsoft windows 7 - sp1
microsoft windows 8.1 *
microsoft windows rt 8.1 -
microsoft windows server 2008 * sp2
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 *
microsoft windows server 2012 r2
microsoft .net framework 4.6
microsoft windows server 2008 * sp2
microsoft .net framework 4.6.2
microsoft .net framework 4.7
microsoft .net framework 4.7.1
microsoft windows 10 1607
microsoft windows server 2016 -
microsoft .net framework 4.6
microsoft .net framework 4.6.1
microsoft .net framework 4.6.2
microsoft windows 10 -
microsoft .net framework 4.6
microsoft .net framework 4.6.1
microsoft .net framework 4.6.2
microsoft .net framework 4.7
microsoft .net framework 4.7.1
microsoft windows 7 - sp1
microsoft windows 8.1 *
microsoft windows rt 8.1 -
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 *
microsoft windows server 2012 r2
microsoft .net framework 4.7.1
microsoft windows 10 1709
microsoft .net framework 4.7.2
microsoft windows 10 1803
microsoft .net framework 4.7
microsoft .net framework 4.7.1
microsoft windows 10 1703
microsoft .net framework 2.0 sp2
microsoft .net framework 3.5
microsoft .net framework 3.5.1
microsoft .net framework 3.0 sp2
microsoft .net framework 4.5.2
microsoft .net framework 4.6
microsoft .net framework 4.6.1
microsoft .net framework 4.6.2
microsoft .net framework 4.7
microsoft .net core 2.0
microsoft .net framework 4.7.1
microsoft .net framework 4.7.2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008
microsoft windows 7 - sp1
microsoft windows 7 * sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2012
microsoft windows 8.1 - -
microsoft windows 8.1 -
microsoft windows server 2012 r2
microsoft windows rt 8.1 *
microsoft windows 10 -
microsoft windows 10 -
microsoft windows server 2016
microsoft windows server 1709
microsoft windows server 1803
Denotes that component is vulnerable