CVE-2017-11879 - ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentic

CVE-2017-11879

Summary

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

References

http://www.securityfocus.com/bid/101713
http://www.securitytracker.com/id/1039793
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879

Vulnerable Configurations

cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 01-02-2018 - 17:06)
Impact:
Exploitability:

CWE

CWE-601

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

bid	101713
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879
sectrack	1039793

Last major update

01-02-2018 - 17:06

Published

15-11-2017 - 03:29

Last modified

01-02-2018 - 17:06