Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0787

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".

Published

2018-03-14T17:29:00.370

Last Modified

2024-11-21T03:38:56.940

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-640

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	asp.net_core	1.0	Yes
Application	microsoft	asp.net_core	1.1	Yes
Application	microsoft	asp.net_core	2.0	Yes

References

http://www.securityfocus.com/bid/103282 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1040525 Third Party Advisory, VDB Entry ([email protected])
https://github.com/aspnet/Announcements/issues/295 Technical Description, Third Party Advisory ([email protected])
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787 Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/103282 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040525 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/aspnet/Announcements/issues/295 Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)