High severity7.5NVD Advisory· Published Nov 15, 2017· Updated Jun 17, 2026
CVE-2017-11883
CVE-2017-11883
Description
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.AspNetCore.Server.WebListenerNuGet | >= 1.0.0, < 1.0.6 | 1.0.6 |
Microsoft.AspNetCore.Server.WebListenerNuGet | >= 1.1.0, < 1.1.4 | 1.1.4 |
Microsoft.Net.Http.ServerNuGet | >= 1.0.0, < 1.0.6 | 1.0.6 |
Microsoft.Net.Http.ServerNuGet | >= 1.1.0, < 1.1.4 | 1.1.4 |
Microsoft.AspNetCore.Server.HttpSysNuGet | >= 2.0.0, < 2.0.2 | 2.0.2 |
Affected products
7cpe:2.3:a:microsoft:aspnetcore:1.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:aspnetcore:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:aspnetcore:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:aspnetcore:2.0:*:*:*:*:*:*:*
- ghsa-coords3 versionspkg:nuget/microsoft.aspnetcore.server.httpsyspkg:nuget/microsoft.aspnetcore.server.weblistenerpkg:nuget/microsoft.net.http.server
>= 2.0.0, < 2.0.2+ 2 more
- (no CPE)range: >= 2.0.0, < 2.0.2
- (no CPE)range: >= 1.0.0, < 1.0.6
- (no CPE)range: >= 1.0.0, < 1.0.6
Patches
Vulnerability mechanics
References
7- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883nvdPatchVendor AdvisoryWEB
- www.securityfocus.com/bid/101835nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039793nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-f9jc-rrm2-pmfgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-11883ghsaADVISORY
- github.com/aspnet/Announcements/issues/278ghsaWEB
- github.com/github/advisory-database/issues/302ghsaWEB
News mentions
0No linked articles in our index yet.