Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for ASP.NET MVC 5.2 by Microsoft
CVE-2018-8171 (GCVE-0-2018-8171)
Vulnerability from cvelistv5 – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:46
VLAI
Summary
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Severity
No CVSS data available.
CWE
- Security Feature Bypass
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1041267 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/104659 | vdb-entryx_refsource_BID |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | ASP.NET |
Affected:
Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5
Affected: Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3 |
|
| Microsoft | ASP.NET Core |
Affected:
1.0
Affected: 1.1 Affected: 2.0 |
|
| Microsoft | ASP.NET MVC 5.2 |
Affected:
Microsoft Visual Studio 2013 Update 5
Affected: Microsoft Visual Studio 2015 Update 3 |
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
},
{
"status": "affected",
"version": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
}
]
},
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "ASP.NET MVC 5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft Visual Studio 2013 Update 5"
},
{
"status": "affected",
"version": "Microsoft Visual Studio 2015 Update 3"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1041267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET",
"version": {
"version_data": [
{
"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
},
{
"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
}
]
}
},
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "2.0"
}
]
}
},
{
"product_name": "ASP.NET MVC 5.2",
"version": {
"version_data": [
{
"version_value": "Microsoft Visual Studio 2013 Update 5"
},
{
"version_value": "Microsoft Visual Studio 2015 Update 3"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041267",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104659"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8171",
"datePublished": "2018-07-11T00:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:46:13.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8171 (GCVE-0-2018-8171)
Vulnerability from nvd – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:46
VLAI
Summary
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Severity
No CVSS data available.
CWE
- Security Feature Bypass
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1041267 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/104659 | vdb-entryx_refsource_BID |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | ASP.NET |
Affected:
Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5
Affected: Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3 |
|
| Microsoft | ASP.NET Core |
Affected:
1.0
Affected: 1.1 Affected: 2.0 |
|
| Microsoft | ASP.NET MVC 5.2 |
Affected:
Microsoft Visual Studio 2013 Update 5
Affected: Microsoft Visual Studio 2015 Update 3 |
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
},
{
"status": "affected",
"version": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
}
]
},
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "ASP.NET MVC 5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft Visual Studio 2013 Update 5"
},
{
"status": "affected",
"version": "Microsoft Visual Studio 2015 Update 3"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1041267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET",
"version": {
"version_data": [
{
"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
},
{
"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
}
]
}
},
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "2.0"
}
]
}
},
{
"product_name": "ASP.NET MVC 5.2",
"version": {
"version_data": [
{
"version_value": "Microsoft Visual Studio 2013 Update 5"
},
{
"version_value": "Microsoft Visual Studio 2015 Update 3"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041267",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104659"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8171",
"datePublished": "2018-07-11T00:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:46:13.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}