CVE-2018-8356

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

Link	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356	Patch Vendor Advisory
http://www.securitytracker.com/id/1041257	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/104664	Third Party Advisory VDB Entry

Configuration 1

cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:* cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:* cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:* cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:* cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:* cpe:2.3:a:microsoft:.net_framework_developer_pack:4.7.2:*:*:*:*:*:*:* cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:* cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:* cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*

---

Published : 2018-07-11 12:29

Updated : 2022-05-23 05:29

---

NVD link : CVE-2018-8356

Mitre link : CVE-2018-8356

No products.

CWE-295

Improper Certificate Validation