ID CVE-2017-11879
Summary ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 01-02-2018 - 17:06)
Impact:
Exploitability:
CWE CWE-601
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
bid 101713
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879
sectrack 1039793
Last major update 01-02-2018 - 17:06
Published 15-11-2017 - 03:29
Last modified 01-02-2018 - 17:06
Back to Top