CVE-2018-8269

HIGH

Microsoft.Data.OData - Denial of Service via Improper Web Request Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8269. PoCs published by Gal Zror.

AI-analyzed exploit summary This Metasploit module exploits a DoS vulnerability in Microsoft SharePoint Server 2016 by sending crafted OData filter requests that trigger a flaw in the Microsoft.Data.OData library (CVE-2018-8269). The exploit causes the server process to terminate, and repeated requests prevent automatic recovery.

Description

A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData.

Exploits (1)

exploitdb WORKING POC

by Gal Zror · rubydoswindows

https://www.exploit-db.com/exploits/46101

View Code ZIP pw:eip

This Metasploit module exploits a DoS vulnerability in Microsoft SharePoint Server 2016 by sending crafted OData filter requests that trigger a flaw in the Microsoft.Data.OData library (CVE-2018-8269). The exploit causes the server process to terminate, and repeated requests prevent automatic recovery.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Office SharePoint Server 2016

Auth required

Prerequisites: Valid SharePoint credentials · Network access to SharePoint server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8269

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105322

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46101/

Scores

CVSS v3 7.5

EPSS 0.2943

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (4)

microsoft/microsoft.data.odata

nuget/Microsoft.AspNetCore.All 2.1.0 - 2.1.13NuGet

nuget/Microsoft.AspNetCore.DataProtection.AzureStorage 2.1.0 - 2.1.13NuGet

nuget/Microsoft.Data.OData 0 - 5.8.4NuGet

Published Sep 13, 2018

Tracked Since Feb 18, 2026