CVE-2017-11883: Denial of service in ASP.NET Core
7.5
Basic Information
Technical Details
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
Microsoft.AspNetCore.Server.WebListener | nuget | >= 1.0.0, < 1.0.6 | 1.0.6 |
Microsoft.AspNetCore.Server.WebListener | nuget | >= 1.1.0, < 1.1.4 | 1.1.4 |
Microsoft.Net.Http.Server | nuget | >= 1.0.0, < 1.0.6 | 1.0.6 |
Microsoft.Net.Http.Server | nuget | >= 1.1.0, < 1.1.4 | 1.1.4 |
Microsoft.AspNetCore.Server.HttpSys | nuget | >= 2.0.0, < 2.0.2 | 2.0.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided vulnerability information (CVE-2017-11883) describes a denial-of-service issue in ASP.NET Core's HTTP request handling when using the HttpSys
/WebListener
server. However, the available data (advisories, NVD entries, and Microsoft's announcement) do not explicitly name specific functions or methods responsible for the vulnerability. The root cause is attributed to improper request processing logic in the affected packages (Microsoft.AspNetCore.Server.WebListener
, Microsoft.Net.Http.Server
, and Microsoft.AspNetCore.Server.HttpSys
), but without access to commit diffs, patch details, or code examples, it is impossible to identify exact functions with high confidence. The vulnerability likely stems from low-level HTTP request parsing or resource management in the HttpSys
infrastructure, but no function names or file paths are disclosed in the provided sources.