High severity7.5NVD Advisory· Published Jul 11, 2017· Updated May 13, 2026

CVE-2017-8585

Description

Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
Microsoft.NETCore.AppNuGet	>= 1.0.0, < 1.0.7	1.0.7
Microsoft.NETCore.AppNuGet	>= 1.1.0, < 1.1.4	1.1.4

Affected products

Microsoft/.net Framework4 versions
cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
Microsoft Corporation/Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7v5
Range: Microsoft .NET Framework

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8585nvdPatchVendor AdvisoryWEB
www.securityfocus.com/bid/99432nvdThird Party AdvisoryVDB EntryWEB
www.securitytracker.com/id/1038864nvdThird Party AdvisoryVDB EntryWEB
github.com/advisories/GHSA-8884-xcr4-r68pghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-8585ghsaADVISORY
access.redhat.com/errata/RHSA-2017:3248nvdWEB
github.com/dotnet/corefx/issues/24703ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.022
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000