.NET Security Feature Bypass Vulnerability - CVE-2018-0786ID: oval:org.secpod.oval:def:43461 | Date: (C)2018-01-11 (M)2024-03-06 |
Class: VULNERABILITY | Family: windows |
A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates. An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the Enhanced Key Usage taggings. The security update addresses the vulnerability by helping to ensure that .NET Framework (and .NET Core) components completely validate certificates.
Platform: |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows 10 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Product: |
Microsoft .NET Framework 2.0 |
Microsoft .NET Framework 3.0 |
Microsoft .NET Framework 3.5.1 |
Microsoft .NET Framework 4.5.2 |
Microsoft .NET Framework 4.6.2 |
Microsoft .NET Framework 4.6.1 |
Microsoft .NET Framework 4.6 |
Microsoft .NET Framework 3.5 |
Microsoft .NET Framework 4.7 |
Microsoft .NET Framework 4.7.1 |
Microsoft ASP .NET core 1.0 |
Microsoft ASP .NET core 2.0 |