VYPR
High severity7.5NVD Advisory· Published May 12, 2017· Updated Jun 17, 2026

CVE-2017-0248

CVE-2017-0248

Description

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.AspNetCore.MvcNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.MvcNuGet
>= 1.1.0, < 1.1.31.1.3
Microsoft.AspNetCore.Mvc.CoreNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.Mvc.CoreNuGet
>= 1.1.0, < 1.1.31.1.3
System.Net.HttpNuGet
>= 4.1.1, < 4.1.24.1.2
System.Net.HttpNuGet
>= 4.3.1, < 4.3.24.3.2
System.Text.Encodings.WebNuGet
>= 4.0.0, < 4.0.14.0.1
System.Text.Encodings.WebNuGet
>= 4.3.0, < 4.3.14.3.1
System.Net.Http.WinHttpHandlerNuGet
>= 4.0.0, < 4.0.14.0.1
System.Net.Http.WinHttpHandlerNuGet
>= 4.3.0, < 4.3.14.3.1
System.Net.SecurityNuGet
>= 4.0.0, < 4.0.14.0.1
System.Net.SecurityNuGet
>= 4.3.0, < 4.3.14.3.1
System.Net.WebSockets.ClientNuGet
>= 4.0.0, < 4.0.14.0.1
System.Net.WebSockets.ClientNuGet
>= 4.3.0, < 4.3.14.3.1
Microsoft.AspNetCore.Mvc.AbstractionsNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.Mvc.AbstractionsNuGet
>= 1.1.0, < 1.1.31.1.3
Microsoft.AspNetCore.Mvc.ApiExplorerNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.Mvc.ApiExplorerNuGet
>= 1.1.0, < 1.1.31.1.3
Microsoft.AspNetCore.Mvc.CorsNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.Mvc.CorsNuGet
>= 1.1.0, < 1.1.31.1.3
Microsoft.AspNetCore.Mvc.DataAnnotationsNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.Mvc.DataAnnotationsNuGet
>= 1.1.0, < 1.1.31.1.3
Microsoft.AspNetCore.Mvc.Formatters.JsonNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.Mvc.Formatters.JsonNuGet
>= 1.1.0, < 1.1.31.1.3
Microsoft.AspNetCore.Mvc.Formatters.XmlNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.Mvc.Formatters.XmlNuGet
>= 1.1.0, < 1.1.31.1.3
Microsoft.AspNetCore.Mvc.LocalizationNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.Mvc.LocalizationNuGet
>= 1.1.0, < 1.1.31.1.3
Microsoft.AspNetCore.Mvc.Razor.HostNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.Mvc.Razor.HostNuGet
>= 1.1.0, < 1.1.31.1.3
Microsoft.AspNetCore.Mvc.RazorNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.Mvc.RazorNuGet
>= 1.1.0, < 1.1.31.1.3
Microsoft.AspNetCore.Mvc.TagHelpersNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.Mvc.TagHelpersNuGet
>= 1.1.0, < 1.1.31.1.3
Microsoft.AspNetCore.Mvc.ViewFeaturesNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.Mvc.ViewFeaturesNuGet
>= 1.1.0, < 1.1.31.1.3
Microsoft.AspNetCore.Mvc.WebApiCompatShimNuGet
>= 1.0.0, < 1.0.41.0.4
Microsoft.AspNetCore.Mvc.WebApiCompatShimNuGet
>= 1.1.0, < 1.1.31.1.3

Affected products

28

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.