Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-0249 (GCVE-0-2017-0249)
Vulnerability from cvelistv5
- Elevation of Privilege
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory |
Vendor | Product | Version | ||
---|---|---|---|---|
Microsoft Corporation | ASP.NET Core |
Version: ASP.NET Core |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:55:19.336Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/aspnet/Announcements/issues/239" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ASP.NET Core", "vendor": "Microsoft Corporation", "versions": [ { "status": "affected", "version": "ASP.NET Core" } ] } ], "datePublic": "2017-05-09T00:00:00", "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-12T13:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/aspnet/Announcements/issues/239" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2017-0249", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ASP.NET Core", "version": { "version_data": [ { "version_value": "ASP.NET Core" } ] } } ] }, "vendor_name": "Microsoft Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/aspnet/Announcements/issues/239", "refsource": "MISC", "url": "https://github.com/aspnet/Announcements/issues/239" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-0249", "datePublished": "2017-05-12T14:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-05T12:55:19.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-0249\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2017-05-12T14:29:04.003\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando el ASP.NET Core falla al desinfectar adecuadamente las solicitudes web.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72D49ACA-0755-425C-9162-8D40D7AADDC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAB52597-3458-4816-8432-7948CA21B8C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86207D1B-AE1B-4826-B07A-75815A5ED06B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E96E6585-EA7C-47A7-B6EF-9926758E90DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"292C4DAD-1CBB-41DF-9E45-F8D594C03097\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"BC76DD26-1A09-419D-9156-16042FF7D508\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"2A701C76-6AC7-4230-B0C5-9CD91010349C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"6E801676-656E-43F6-8C4E-EE0BD5EAF23E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"69E0C257-E39A-4404-AFE5-4D15BFA2DD7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"DE818227-C9F3-49BA-80D1-FA49FA46B8BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"B7E8D173-9F85-4796-8A97-A77A531A3C79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"893BD886-23DC-41E9-9DD1-C367F1638CFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"2F9CCC49-348F-44A3-8412-17B689B0B0B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"40ACE580-63FC-44A6-A1A3-19113BCF96B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"88D4AEE2-23B8-4FE6-A118-66735EF8BA5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"3A31726B-E001-4568-9538-150C438D4D82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"22473819-A864-4568-BB4F-B1B61D6BE768\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"25F6E532-9282-4444-BE83-1D4254B78E98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"3D3B725F-E01E-4B44-B6FE-D384CB081880\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"CD9CA7E6-4622-48CE-87DD-43850E6A3D94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"9F0BE208-E908-4D55-ABC0-01899A7BCF3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"BEB9143D-39A5-4A1A-8CF6-50A234476914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"784D8767-E542-4BEA-AC04-190EB86ACE44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"B051C0F9-2D90-4F21-A4A3-49E52E4580F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"24849B2C-4475-4F63-99F8-D63AC7455AFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"E53251EE-7C63-4597-817D-E0E046D45E7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"C4B607A3-3637-4785-A7FA-074B370B57A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"10769FE6-90C1-41EF-B59C-2DF602798AA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"9F2FF0F8-0447-442F-99C7-AAE364942263\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"82A352B2-00B5-40EB-A053-3871999FF549\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"1CBD8554-F155-4265-9ABA-27F2CFDB6645\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"1D0612F5-8621-4FEB-B84D-6116CD92C671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"D917236C-B53D-454C-9FCD-4D0F48849C8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"B337AA31-B98C-47BD-B5C3-F2699FD0F3FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"32B849F2-CD4B-45DB-86DD-77248ED82C56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"5A08EDE3-035D-4A4F-AF2A-FDFC02264841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"28A15818-8AB8-4253-9D82-D968B05D4416\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"C59BDECB-3184-4BE3-91B5-4703170D6E72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"F861A072-D917-4BF5-99D3-3C9AD99A70EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"79F08C0E-5A28-4A8D-9987-CC273A38CDB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"F8A9187E-AAF3-4186-9014-13D304463F44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"19022A88-C140-4C64-8BAD-43CE0E448D78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"36170C72-162C-44F1-8291-DCF12AAC3D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"97E0DE96-A8CA-4395-8955-3223754A7678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"95D892B0-08CD-479B-8DBA-2E296A2139EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"18B1353C-D7FF-4B05-A0E0-17E06BB0BB01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"16E5978D-49B7-4948-A57F-D0903CC2726B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"175E800A-6295-4EDD-AD76-AED50C4ED29F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"DD429092-758C-40E2-9B62-552062DE5C99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"4B124905-C4EB-4943-BF9D-97DD9C63C773\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"F1382D94-3442-4770-99BC-A803DB7D99CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"CCF8ED4C-E275-4CCD-8D37-EFBB858731FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"72682900-3DEA-43E8-9E60-04D8AA575353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"2614708B-D88A-45D1-989A-EC1F18B2ECF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"A43E17E5-B98E-4ED2-8745-DCEEBF7D122D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"48101840-E58F-4E2D-BA2D-8D07F76E1EB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"20669ACD-4EA1-4B4A-A26B-E4F702B7FB50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"56285B40-74FB-4AE4-9998-09D3CC2FA76B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"4322AC03-A133-4778-A2F1-AD509764BB00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"E4779EAE-28C3-454F-853C-45D7A4B264BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"34EB1A01-873A-4395-84D9-B048E2E12A43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"389FB05C-C41F-4162-B868-472A6FEE18BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"944C87F4-591A-46A3-A6BE-68CF070D2557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"83FB8E69-0103-4FAA-94D8-DA1FDF0532BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"6A5CA6EF-184A-4D35-A430-8D708041C139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"7264CABF-8603-445F-8728-A53575239BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"776B722D-0DA6-4994-9323-06165E562489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"77A16675-CD3A-427B-888E-B1D8A51189AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"B28A24AD-C225-45B3-8156-5A8107A7073C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"22B75008-7F05-4923-88D9-0D6619568C8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"C4A5D3CC-282D-484F-99E3-5D087F759C4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"8799CB21-5F98-4368-A1BC-2746438757CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"B4315F2E-5272-4D09-80AF-A65AE52E37CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"9CCD4355-CE24-4F14-A348-BB76470E4DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"FF31C77E-67CA-481E-B4E2-2AE2941A4CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"79D7994A-ABDF-4F02-841D-B082917CA9F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"7B33EFE6-68BB-46FD-834D-B767641E1AC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"71FFFD6C-1243-480F-874E-3548EED2D471\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"76906A3F-9A22-453F-BCCF-35C248E6788C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"E7A176BB-A188-44A9-9E52-D385B13D328F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"DF881FCD-8E4C-47AC-ABED-05F805D3DED8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"06C3E2C7-C113-4224-8F4F-3BDD3B800B04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"F376D1B3-5801-4BC3-B060-39DC928A9838\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"0ACC7FBF-34A3-4A95-A7B0-396AB194976A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"AA8408AC-5380-4C77-BA49-C236F0CBB51F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66\"}]}]}],\"references\":[{\"url\":\"https://github.com/aspnet/Announcements/issues/239\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/aspnet/Announcements/issues/239\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]}]}}" } }
var-201705-3360
Vulnerability from variot
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3360", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "system.text.encodings.web", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "4.3.0" }, { "model": "system.net.http", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "4.3.1" }, { "model": "system.net.http.winhttphandler", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "4.3.0" }, { "model": "system.net.security", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "4.0.0" }, { "model": "system.net.websockets.client", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "4.3.0" }, { "model": "system.text.encodings.web", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "4.0.0" }, { "model": "system.net.http.winhttphandler", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "4.0.1" }, { "model": "system.net.websockets.client", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "4.0.0" }, { "model": "system.net.security", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "4.3.0" }, { "model": "system.net.http", "scope": "eq", "trust": 1.6, "vendor": "microsoft", "version": "4.1.1" }, { "model": "microsoft.aspnetcore.mvc.formatters.xml", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.0" }, { "model": "microsoft.aspnetcore.mvc.webapicompatshim", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.2" }, { "model": "microsoft.aspnetcore.mvc.razor.host", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.2" }, { "model": "microsoft.aspnetcore.mvc.cors", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.2" }, { "model": "microsoft.aspnetcore.mvc.taghelpers", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.0" }, { "model": "microsoft.aspnetcore.mvc.dataannotations", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.2" }, { "model": "microsoft.aspnetcore.mvc.cors", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.1" }, { "model": "microsoft.aspnetcore.mvc.razor", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.2" }, { "model": "microsoft.aspnetcore.mvc.webapicompatshim", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.3" }, { "model": "microsoft.aspnetcore.mvc.razor.host", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.3" }, { "model": "microsoft.aspnetcore.mvc.cors", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.3" }, { "model": "microsoft.aspnetcore.mvc.localization", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.1" }, { "model": "asp.net model view controller", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.2" }, { "model": "microsoft.aspnetcore.mvc.localization", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.1" }, { "model": "microsoft.aspnetcore.mvc.razor.host", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.2" }, { "model": "microsoft.aspnetcore.mvc.webapicompatshim", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.2" }, { "model": "microsoft.aspnetcore.mvc.abstractions", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.2" }, { "model": "microsoft.aspnetcore.mvc.razor.host", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.0" }, { "model": "microsoft.aspnetcore.mvc.cors", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.0" }, { "model": "microsoft.aspnetcore.mvc.webapicompatshim", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.0" }, { "model": "microsoft.aspnetcore.mvc.formatters.json", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.1" }, { "model": "microsoft.aspnetcore.mvc.apiexplorer", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.2" }, { "model": "microsoft.aspnetcore.mvc.dataannotations", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.2" }, { "model": "microsoft.aspnetcore.mvc.taghelpers", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.2" }, { "model": "microsoft.aspnetcore.mvc.dataannotations", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.0" }, { "model": "microsoft.aspnetcore.mvc.formatters.json", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.2" }, { "model": "asp.net model view controller", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.3" }, { "model": "microsoft.aspnetcore.mvc.razor", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.0" }, { "model": "microsoft.aspnetcore.mvc.viewfeatures", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.2" }, { "model": "microsoft.aspnetcore.mvc.taghelpers", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.1" }, { "model": "microsoft.aspnetcore.mvc.taghelpers", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.1" }, { "model": "microsoft.aspnetcore.mvc.apiexplorer", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.3" }, { "model": "asp.net model view controller", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.2" }, { "model": "microsoft.aspnetcore.mvc.taghelpers", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.3" }, { "model": "microsoft.aspnetcore.mvc.webapicompatshim", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.0" }, { "model": "asp.net model view controller", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.0" }, { "model": "microsoft.aspnetcore.mvc.abstractions", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.0" }, { "model": "microsoft.aspnetcore.mvc.apiexplorer", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.2" }, { "model": "microsoft.aspnetcore.mvc.dataannotations", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.0" }, { "model": "microsoft.aspnetcore.mvc.apiexplorer", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.0" }, { "model": "microsoft.aspnetcore.mvc.formatters.xml", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.1" }, { "model": "microsoft.aspnetcore.mvc.formatters.xml", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.1" }, { "model": "microsoft.aspnetcore.mvc.viewfeatures", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.3" }, { "model": "microsoft.aspnetcore.mvc.taghelpers", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.0" }, { "model": "microsoft.aspnetcore.mvc.formatters.json", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.0" }, { "model": "microsoft.aspnetcore.mvc.formatters.xml", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.2" }, { "model": "microsoft.aspnetcore.mvc.viewfeatures", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.2" }, { "model": "microsoft.aspnetcore.mvc.viewfeatures", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.0" }, { "model": "microsoft.aspnetcore.mvc.razor", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.2" }, { "model": "asp.net model view controller", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.0" }, { "model": "microsoft.aspnetcore.mvc.apiexplorer", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.0" }, { "model": "microsoft.aspnetcore.mvc.abstractions", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.2" }, { "model": "microsoft.aspnetcore.mvc.razor", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.1" }, { "model": "microsoft.aspnetcore.mvc.razor", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.1" }, { "model": "microsoft.aspnetcore.mvc.localization", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.2" }, { "model": "microsoft.aspnetcore.mvc.razor", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.3" }, { "model": "microsoft.aspnetcore.mvc.formatters.xml", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.0" }, { "model": "microsoft.aspnetcore.mvc.formatters.json", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.2" }, { "model": "microsoft.aspnetcore.mvc.webapicompatshim", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.1" }, { "model": "microsoft.aspnetcore.mvc.razor.host", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.1" }, { "model": "microsoft.aspnetcore.mvc.cors", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.1" }, { "model": "microsoft.aspnetcore.mvc.razor.host", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.1" }, { "model": "microsoft.aspnetcore.mvc.abstractions", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.1" }, { "model": "microsoft.aspnetcore.mvc.viewfeatures", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.0" }, { "model": "microsoft.aspnetcore.mvc.abstractions", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.1" }, { "model": "microsoft.aspnetcore.mvc.webapicompatshim", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.1" }, { "model": "microsoft.aspnetcore.mvc.cors", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.2" }, { "model": "microsoft.aspnetcore.mvc.razor", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.0" }, { "model": "microsoft.aspnetcore.mvc.dataannotations", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.1" }, { "model": "microsoft.aspnetcore.mvc.abstractions", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.3" }, { "model": "microsoft.aspnetcore.mvc.dataannotations", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.1" }, { "model": "microsoft.aspnetcore.mvc.localization", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.3" }, { "model": "microsoft.aspnetcore.mvc.formatters.json", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.1" }, { "model": "microsoft.aspnetcore.mvc.dataannotations", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.3" }, { "model": "microsoft.aspnetcore.mvc.formatters.json", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.3" }, { "model": "microsoft.aspnetcore.mvc.localization", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.2" }, { "model": "microsoft.aspnetcore.mvc.abstractions", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.0" }, { "model": "microsoft.aspnetcore.mvc.localization", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.0" }, { "model": "asp.net model view controller", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.1" }, { "model": "asp.net model view controller", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.1" }, { "model": "microsoft.aspnetcore.mvc.formatters.json", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.0" }, { "model": "microsoft.aspnetcore.mvc.formatters.xml", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.2" }, { "model": "microsoft.aspnetcore.mvc.apiexplorer", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.1" }, { "model": "microsoft.aspnetcore.mvc.razor.host", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.0" }, { "model": "microsoft.aspnetcore.mvc.apiexplorer", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.1" }, { "model": "microsoft.aspnetcore.mvc.cors", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.0" }, { "model": "microsoft.aspnetcore.mvc.taghelpers", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.2" }, { "model": "microsoft.aspnetcore.mvc.viewfeatures", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.1" }, { "model": "microsoft.aspnetcore.mvc.localization", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.0" }, { "model": "microsoft.aspnetcore.mvc.formatters.xml", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.0.3" }, { "model": "microsoft.aspnetcore.mvc.viewfeatures", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1.1.1" }, { "model": "asp.net", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "core" }, { "model": "asp.net core", "scope": null, "trust": 0.6, "vendor": "microsoft", "version": null }, { "model": "asp.net", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-07323" }, { "db": "BID", "id": "98118" }, { "db": "JVNDB", "id": "JVNDB-2017-003294" }, { "db": "CNNVD", "id": "CNNVD-201705-736" }, { "db": "NVD", "id": "CVE-2017-0249" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:microsoft:asp.net", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-003294" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft", "sources": [ { "db": "BID", "id": "98118" } ], "trust": 0.3 }, "cve": "CVE-2017-0249", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-0249", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-07323", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "id": "CVE-2017-0249", "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-0249", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-0249", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2017-07323", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201705-736", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2017-0249", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-07323" }, { "db": "VULMON", "id": "CVE-2017-0249" }, { "db": "JVNDB", "id": "JVNDB-2017-003294" }, { "db": "CNNVD", "id": "CNNVD-201705-736" }, { "db": "NVD", "id": "CVE-2017-0249" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access", "sources": [ { "db": "NVD", "id": "CVE-2017-0249" }, { "db": "JVNDB", "id": "JVNDB-2017-003294" }, { "db": "CNVD", "id": "CNVD-2017-07323" }, { "db": "CNNVD", "id": "CNNVD-201705-736" }, { "db": "BID", "id": "98118" }, { "db": "VULMON", "id": "CVE-2017-0249" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-0249", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2017-003294", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2017-07323", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201705-736", "trust": 0.6 }, { "db": "BID", "id": "98118", "trust": 0.4 }, { "db": "VULMON", "id": "CVE-2017-0249", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-07323" }, { "db": "VULMON", "id": "CVE-2017-0249" }, { "db": "BID", "id": "98118" }, { "db": "JVNDB", "id": "JVNDB-2017-003294" }, { "db": "CNNVD", "id": "CNNVD-201705-736" }, { "db": "NVD", "id": "CVE-2017-0249" } ] }, "id": "VAR-201705-3360", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2017-07323" } ], "trust": 0.79172932 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-07323" } ] }, "last_update_date": "2024-11-23T22:13:01.670000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239", "trust": 0.8, "url": "https://github.com/aspnet/Announcements/issues/239" }, { "title": "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/94179" }, { "title": "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70329" }, { "title": "OssIndexClient", "trust": 0.1, "url": "https://github.com/SimonCropp/OssIndexClient " }, { "title": "", "trust": 0.1, "url": "https://github.com/shiftingleft/dotnet-scm-test " }, { "title": "", "trust": 0.1, "url": "https://github.com/jnewman-sonatype/DotNetTest " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-07323" }, { "db": "VULMON", "id": "CVE-2017-0249" }, { "db": "JVNDB", "id": "JVNDB-2017-003294" }, { "db": "CNNVD", "id": "CNNVD-201705-736" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-003294" }, { "db": "NVD", "id": "CVE-2017-0249" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://github.com/aspnet/announcements/issues/239" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0249" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0249" }, { "trust": 0.3, "url": "http://www.microsoft.com" }, { "trust": 0.3, "url": "https://technet.microsoft.com/library/security/4021279.aspx" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/98118" }, { "trust": 0.1, "url": "https://github.com/simoncropp/ossindexclient" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53814" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-07323" }, { "db": "VULMON", "id": "CVE-2017-0249" }, { "db": "BID", "id": "98118" }, { "db": "JVNDB", "id": "JVNDB-2017-003294" }, { "db": "CNNVD", "id": "CNNVD-201705-736" }, { "db": "NVD", "id": "CVE-2017-0249" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2017-07323" }, { "db": "VULMON", "id": "CVE-2017-0249" }, { "db": "BID", "id": "98118" }, { "db": "JVNDB", "id": "JVNDB-2017-003294" }, { "db": "CNNVD", "id": "CNNVD-201705-736" }, { "db": "NVD", "id": "CVE-2017-0249" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-24T00:00:00", "db": "CNVD", "id": "CNVD-2017-07323" }, { "date": "2017-05-12T00:00:00", "db": "VULMON", "id": "CVE-2017-0249" }, { "date": "2017-05-10T00:00:00", "db": "BID", "id": "98118" }, { "date": "2017-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-003294" }, { "date": "2017-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201705-736" }, { "date": "2017-05-12T14:29:04.003000", "db": "NVD", "id": "CVE-2017-0249" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-24T00:00:00", "db": "CNVD", "id": "CNVD-2017-07323" }, { "date": "2021-06-30T00:00:00", "db": "VULMON", "id": "CVE-2017-0249" }, { "date": "2017-05-23T16:25:00", "db": "BID", "id": "98118" }, { "date": "2017-05-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-003294" }, { "date": "2021-07-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201705-736" }, { "date": "2024-11-21T03:02:37.610000", "db": "NVD", "id": "CVE-2017-0249" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201705-736" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft ASP.NET Core Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-003294" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201705-736" } ], "trust": 0.6 } }
gsd-2017-0249
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2017-0249", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "id": "GSD-2017-0249" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2017-0249" ], "details": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "id": "GSD-2017-0249", "modified": "2023-12-13T01:20:59.807704Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2017-0249", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ASP.NET Core", "version": { "version_data": [ { "version_value": "ASP.NET Core" } ] } } ] }, "vendor_name": "Microsoft Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/aspnet/Announcements/issues/239", "refsource": "MISC", "url": "https://github.com/aspnet/Announcements/issues/239" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,9.8.3]", "affected_versions": "All versions up to 9.8.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "", "package_slug": "nuget/DisCatSharp", "pubdate": "2018-10-16", "solution": "Unfortunately, there is no solution available yet.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "1219fd69-7dc9-4d46-9487-a2d4d9a2cd7e" }, { "affected_range": "[1.0.0,1.1.2]", "affected_versions": "All versions starting from 1.0.0 up to 1.1.2", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-06-30", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "3.0.20105.1" ], "identifier": "CVE-2017-0249", "identifiers": [ "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions after 1.1.2", "package_slug": "nuget/Microsoft.AspNet.Mvc", "pubdate": "2017-05-12", "solution": "Upgrade to version 3.0.20105.1 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239" ], "uuid": "cbe3de12-1108-4d51-b49a-84a1afad936f" }, { "affected_range": "[1.0.0,1.0.4),[1.1.0,1.1.3)", "affected_versions": "All versions starting from 1.0.0 before 1.0.4, all versions starting from 1.1.0 before 1.1.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.0.4", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.4 before 1.1.0, all versions starting from 1.1.3", "package_slug": "nuget/Microsoft.AspNetCore.Mvc.Abstractions", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.0.4, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "62f58352-1a84-400e-a5a8-40bc9f97d73c" }, { "affected_range": "[1.0.0,1.0.4),[1.1.0,1.1.3)", "affected_versions": "All versions starting from 1.0.0 before 1.0.4, all versions starting from 1.1.0 before 1.1.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.0.4", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.4 before 1.1.0, all versions starting from 1.1.3", "package_slug": "nuget/Microsoft.AspNetCore.Mvc.ApiExplorer", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.0.4, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "7c279979-debd-4717-b86e-9c68d7d91bbc" }, { "affected_range": "[1.0.0,1.0.4),[1.1.0,1.1.3)", "affected_versions": "All versions starting from 1.0.0 before 1.0.4, all versions starting from 1.1.0 before 1.1.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.0.4", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.4 before 1.1.0, all versions starting from 1.1.3", "package_slug": "nuget/Microsoft.AspNetCore.Mvc.Core", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.0.4, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "6e40815f-dea6-48b0-bf14-adc6ee49a328" }, { "affected_range": "[1.0.0,1.0.4),[1.1.0,1.1.3)", "affected_versions": "All versions starting from 1.0.0 before 1.0.4, all versions starting from 1.1.0 before 1.1.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.0.4", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.4 before 1.1.0, all versions starting from 1.1.3", "package_slug": "nuget/Microsoft.AspNetCore.Mvc.Cors", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.0.4, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "535625d2-11aa-419a-80fa-bee8040ec764" }, { "affected_range": "[1.0.0,1.0.4),[1.1.0,1.1.3)", "affected_versions": "All versions starting from 1.0.0 before 1.0.4, all versions starting from 1.1.0 before 1.1.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.0.4", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.4 before 1.1.0, all versions starting from 1.1.3", "package_slug": "nuget/Microsoft.AspNetCore.Mvc.DataAnnotations", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.0.4, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "addde79f-80fb-4b33-988b-b50bf45bbd1e" }, { "affected_range": "[1.0.0,1.0.4),[1.1.0,1.1.3)", "affected_versions": "All versions starting from 1.0.0 before 1.0.4, all versions starting from 1.1.0 before 1.1.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.0.4", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.4 before 1.1.0, all versions starting from 1.1.3", "package_slug": "nuget/Microsoft.AspNetCore.Mvc.Formatters.Json", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.0.4, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "5ab5c31a-8828-4b39-b5b7-28d8dfcacac3" }, { "affected_range": "[1.0.0,1.0.4),[1.1.0,1.1.3)", "affected_versions": "All versions starting from 1.0.0 before 1.0.4, all versions starting from 1.1.0 before 1.1.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.0.4", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.4 before 1.1.0, all versions starting from 1.1.3", "package_slug": "nuget/Microsoft.AspNetCore.Mvc.Formatters.Xml", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.0.4, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "d0dc0873-1273-40f6-9637-5c705d8cd324" }, { "affected_range": "[1.0.0,1.0.4),[1.1.0,1.1.3)", "affected_versions": "All versions starting from 1.0.0 before 1.0.4, all versions starting from 1.1.0 before 1.1.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.0.4", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.4 before 1.1.0, all versions starting from 1.1.3", "package_slug": "nuget/Microsoft.AspNetCore.Mvc.Localization", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.0.4, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "5f68c133-b7d1-4f57-8626-e39a4807ccd4" }, { "affected_range": "[1.0.0,1.0.4),[1.1.0,1.1.3)", "affected_versions": "All versions starting from 1.0.0 before 1.0.4, all versions starting from 1.1.0 before 1.1.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.0.4", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.4 before 1.1.0, all versions starting from 1.1.3", "package_slug": "nuget/Microsoft.AspNetCore.Mvc.Razor.Host", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.0.4, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "5ecc4219-f489-413b-94d2-cd92ffa05d76" }, { "affected_range": "[1.0.0,1.0.4),[1.1.0,1.1.3)", "affected_versions": "All versions starting from 1.0.0 before 1.0.4, all versions starting from 1.1.0 before 1.1.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.0.4", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.4 before 1.1.0, all versions starting from 1.1.3", "package_slug": "nuget/Microsoft.AspNetCore.Mvc.Razor", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.0.4, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "d9b60398-cb8e-4110-bc47-b1826085dd80" }, { "affected_range": "[1.0.0,1.0.4),[1.1.0,1.1.3)", "affected_versions": "All versions starting from 1.0.0 before 1.0.4, all versions starting from 1.1.0 before 1.1.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.0.4", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.4 before 1.1.0, all versions starting from 1.1.3", "package_slug": "nuget/Microsoft.AspNetCore.Mvc.TagHelpers", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.0.4, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "3873251f-bafc-4dc5-b9c8-f0ec2e351976" }, { "affected_range": "[1.0.0,1.0.4),[1.1.0,1.1.3)", "affected_versions": "All versions starting from 1.0.0 before 1.0.4, all versions starting from 1.1.0 before 1.1.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.0.4", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.4 before 1.1.0, all versions starting from 1.1.3", "package_slug": "nuget/Microsoft.AspNetCore.Mvc.ViewFeatures", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.0.4, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "262a65b0-5cc4-4f2f-9c91-952fbdcd556f" }, { "affected_range": "[1.0.0,1.0.4),[1.1.0,1.1.3)", "affected_versions": "All versions starting from 1.0.0 before 1.0.4, all versions starting from 1.1.0 before 1.1.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.0.4", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.0.0, all versions starting from 1.0.4 before 1.1.0, all versions starting from 1.1.3", "package_slug": "nuget/Microsoft.AspNetCore.Mvc.WebApiCompatShim", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.0.4, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "dfe21246-923b-4880-8f77-7861b3937d11" }, { "affected_range": "[1.1.0,1.1.3),[1.0.0,1.0.4)", "affected_versions": "All versions starting from 1.1.0 before 1.1.3, all versions starting from 1.0.0 before 1.0.4", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "1.1.3", "1.1.3" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 1.1.0, all versions starting from 1.1.3, all versions before 1.0.0, all versions starting from 1.0.4", "package_slug": "nuget/Microsoft.AspNetCore.Mvc", "pubdate": "2018-10-16", "solution": "Upgrade to versions 1.1.3, 1.1.3 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "e6344076-f593-4db8-be67-9ed78d1dcf80" }, { "affected_range": "[4.0.0],[4.3.0]", "affected_versions": "Version 4.0.0, version 4.3.0", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "4.0.1", "4.3.1" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 4.0.0, all versions after 4.0.0 before 4.3.0, all versions after 4.3.0", "package_slug": "nuget/System.Net.Http.WinHttpHandler", "pubdate": "2018-10-16", "solution": "Upgrade to versions 4.0.1, 4.3.1 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "6f203fbd-8ce9-484c-a1b9-9788709c29f6" }, { "affected_range": "[4.1.1],[4.3.1]", "affected_versions": "Version 4.1.1, version 4.3.1", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "4.1.2", "4.3.2" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 4.1.1, all versions after 4.1.1 before 4.3.1, all versions after 4.3.1", "package_slug": "nuget/System.Net.Http", "pubdate": "2018-10-16", "solution": "Upgrade to versions 4.1.2, 4.3.2 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "4c434dd9-804b-490e-9916-d5bd4f128a15" }, { "affected_range": "[4.0.0],[4.3.0]", "affected_versions": "Version 4.0.0, version 4.3.0", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "4.0.1", "4.3.1" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 4.0.0, all versions after 4.0.0 before 4.3.0, all versions after 4.3.0", "package_slug": "nuget/System.Net.Security", "pubdate": "2018-10-16", "solution": "Upgrade to versions 4.0.1, 4.3.1 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "40ea326d-2b8b-46ae-8930-40f7d5631596" }, { "affected_range": "[4.0.0],[4.3.0]", "affected_versions": "Version 4.0.0, version 4.3.0", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "4.0.1", "4.3.1" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 4.0.0, all versions after 4.0.0 before 4.3.0, all versions after 4.3.0", "package_slug": "nuget/System.Net.WebSockets.Client", "pubdate": "2018-10-16", "solution": "Upgrade to versions 4.0.1, 4.3.1 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "dbfaa662-81a5-4751-b31b-e2d41bc3a197" }, { "affected_range": "[4.0.0],[4.3.0]", "affected_versions": "Version 4.0.0, version 4.3.0", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2021-10-08", "description": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", "fixed_versions": [ "4.0.1", "4.3.1" ], "identifier": "CVE-2017-0249", "identifiers": [ "GHSA-qhqf-ghgh-x2m4", "CVE-2017-0249" ], "not_impacted": "All versions before 4.0.0, all versions after 4.0.0 before 4.3.0, all versions after 4.3.0", "package_slug": "nuget/System.Text.Encodings.Web", "pubdate": "2018-10-16", "solution": "Upgrade to versions 4.0.1, 4.3.1 or above.", "title": "Improper Input Validation", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-0249", "https://github.com/aspnet/Announcements/issues/239", "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4", "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" ], "uuid": "0e47aabd-efd7-48d4-b29e-582a595ffea7" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2017-0249" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/aspnet/Announcements/issues/239", "refsource": "MISC", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "https://github.com/aspnet/Announcements/issues/239" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.4 } }, "lastModifiedDate": "2021-06-30T16:54Z", "publishedDate": "2017-05-12T14:29Z" } } }
ghsa-qhqf-ghgh-x2m4
Vulnerability from github
See https://nvd.nist.gov/vuln/detail/CVE-2017-0249 & https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0249
{ "affected": [ { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Core" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Core" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "System.Net.Http" }, "ranges": [ { "events": [ { "introduced": "4.1.1" }, { "fixed": "4.1.2" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.1.1" ] }, { "package": { "ecosystem": "NuGet", "name": "System.Net.Http" }, "ranges": [ { "events": [ { "introduced": "4.3.1" }, { "fixed": "4.3.2" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.3.1" ] }, { "package": { "ecosystem": "NuGet", "name": "System.Text.Encodings.Web" }, "ranges": [ { "events": [ { "introduced": "4.0.0" }, { "fixed": "4.0.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.0.0" ] }, { "package": { "ecosystem": "NuGet", "name": "System.Text.Encodings.Web" }, "ranges": [ { "events": [ { "introduced": "4.3.0" }, { "fixed": "4.3.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.3.0" ] }, { "package": { "ecosystem": "NuGet", "name": "System.Net.Http.WinHttpHandler" }, "ranges": [ { "events": [ { "introduced": "4.0.0" }, { "fixed": "4.0.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.0.0" ] }, { "package": { "ecosystem": "NuGet", "name": "System.Net.Http.WinHttpHandler" }, "ranges": [ { "events": [ { "introduced": "4.3.0" }, { "fixed": "4.3.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.3.0" ] }, { "package": { "ecosystem": "NuGet", "name": "System.Net.Security" }, "ranges": [ { "events": [ { "introduced": "4.0.0" }, { "fixed": "4.0.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.0.0" ] }, { "package": { "ecosystem": "NuGet", "name": "System.Net.Security" }, "ranges": [ { "events": [ { "introduced": "4.3.0" }, { "fixed": "4.3.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.3.0" ] }, { "package": { "ecosystem": "NuGet", "name": "System.Net.WebSockets.Client" }, "ranges": [ { "events": [ { "introduced": "4.0.0" }, { "fixed": "4.0.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.0.0" ] }, { "package": { "ecosystem": "NuGet", "name": "System.Net.WebSockets.Client" }, "ranges": [ { "events": [ { "introduced": "4.3.0" }, { "fixed": "4.3.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "4.3.0" ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Abstractions" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Abstractions" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.ApiExplorer" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.ApiExplorer" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Cors" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Cors" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.DataAnnotations" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.DataAnnotations" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Formatters.Json" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Formatters.Json" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Formatters.Xml" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Formatters.Xml" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Localization" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Localization" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Razor.Host" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Razor.Host" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Razor" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.Razor" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.TagHelpers" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.TagHelpers" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.ViewFeatures" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.ViewFeatures" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.WebApiCompatShim" }, "ranges": [ { "events": [ { "introduced": "1.0.0" }, { "fixed": "1.0.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "Microsoft.AspNetCore.Mvc.WebApiCompatShim" }, "ranges": [ { "events": [ { "introduced": "1.1.0" }, { "fixed": "1.1.3" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "DisCatSharp" }, "ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "9.8.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2017-0249" ], "database_specific": { "cwe_ids": [ "CWE-20" ], "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:52:02Z", "nvd_published_at": "2017-05-12T14:29:00Z", "severity": "HIGH" }, "details": "See https://nvd.nist.gov/vuln/detail/CVE-2017-0249 \u0026 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0249", "id": "GHSA-qhqf-ghgh-x2m4", "modified": "2021-10-08T21:18:12Z", "published": "2018-10-16T19:57:38Z", "references": [ { "type": "WEB", "url": "https://github.com/Aiko-IT-Systems/DisCatSharp/security/advisories/GHSA-wj4j-gr3f-cfh7" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0249" }, { "type": "WEB", "url": "https://github.com/aspnet/Announcements/issues/239" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-qhqf-ghgh-x2m4" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "type": "CVSS_V3" } ], "summary": "High severity vulnerability that affects Microsoft.AspNetCore.Mvc" }
fkie_cve-2017-0249
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72D49ACA-0755-425C-9162-8D40D7AADDC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAB52597-3458-4816-8432-7948CA21B8C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "86207D1B-AE1B-4826-B07A-75815A5ED06B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E96E6585-EA7C-47A7-B6EF-9926758E90DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "292C4DAD-1CBB-41DF-9E45-F8D594C03097", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "BC76DD26-1A09-419D-9156-16042FF7D508", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "2A701C76-6AC7-4230-B0C5-9CD91010349C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "6E801676-656E-43F6-8C4E-EE0BD5EAF23E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "DE818227-C9F3-49BA-80D1-FA49FA46B8BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "B7E8D173-9F85-4796-8A97-A77A531A3C79", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "893BD886-23DC-41E9-9DD1-C367F1638CFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "2F9CCC49-348F-44A3-8412-17B689B0B0B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "40ACE580-63FC-44A6-A1A3-19113BCF96B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "3A31726B-E001-4568-9538-150C438D4D82", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "22473819-A864-4568-BB4F-B1B61D6BE768", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "25F6E532-9282-4444-BE83-1D4254B78E98", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "3D3B725F-E01E-4B44-B6FE-D384CB081880", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "CD9CA7E6-4622-48CE-87DD-43850E6A3D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "9F0BE208-E908-4D55-ABC0-01899A7BCF3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "BEB9143D-39A5-4A1A-8CF6-50A234476914", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "784D8767-E542-4BEA-AC04-190EB86ACE44", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "B051C0F9-2D90-4F21-A4A3-49E52E4580F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "24849B2C-4475-4F63-99F8-D63AC7455AFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "E53251EE-7C63-4597-817D-E0E046D45E7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "C4B607A3-3637-4785-A7FA-074B370B57A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "10769FE6-90C1-41EF-B59C-2DF602798AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "9F2FF0F8-0447-442F-99C7-AAE364942263", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "82A352B2-00B5-40EB-A053-3871999FF549", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "1CBD8554-F155-4265-9ABA-27F2CFDB6645", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "1D0612F5-8621-4FEB-B84D-6116CD92C671", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "D917236C-B53D-454C-9FCD-4D0F48849C8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "32B849F2-CD4B-45DB-86DD-77248ED82C56", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "5A08EDE3-035D-4A4F-AF2A-FDFC02264841", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "28A15818-8AB8-4253-9D82-D968B05D4416", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "C59BDECB-3184-4BE3-91B5-4703170D6E72", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "F861A072-D917-4BF5-99D3-3C9AD99A70EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "79F08C0E-5A28-4A8D-9987-CC273A38CDB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "F8A9187E-AAF3-4186-9014-13D304463F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "19022A88-C140-4C64-8BAD-43CE0E448D78", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "36170C72-162C-44F1-8291-DCF12AAC3D06", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "97E0DE96-A8CA-4395-8955-3223754A7678", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "95D892B0-08CD-479B-8DBA-2E296A2139EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "16E5978D-49B7-4948-A57F-D0903CC2726B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "175E800A-6295-4EDD-AD76-AED50C4ED29F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "DD429092-758C-40E2-9B62-552062DE5C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "4B124905-C4EB-4943-BF9D-97DD9C63C773", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "F1382D94-3442-4770-99BC-A803DB7D99CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "72682900-3DEA-43E8-9E60-04D8AA575353", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "2614708B-D88A-45D1-989A-EC1F18B2ECF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "48101840-E58F-4E2D-BA2D-8D07F76E1EB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "56285B40-74FB-4AE4-9998-09D3CC2FA76B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "4322AC03-A133-4778-A2F1-AD509764BB00", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "E4779EAE-28C3-454F-853C-45D7A4B264BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "34EB1A01-873A-4395-84D9-B048E2E12A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "389FB05C-C41F-4162-B868-472A6FEE18BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "944C87F4-591A-46A3-A6BE-68CF070D2557", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "6A5CA6EF-184A-4D35-A430-8D708041C139", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "7264CABF-8603-445F-8728-A53575239BC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "776B722D-0DA6-4994-9323-06165E562489", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "77A16675-CD3A-427B-888E-B1D8A51189AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "B28A24AD-C225-45B3-8156-5A8107A7073C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "22B75008-7F05-4923-88D9-0D6619568C8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "C4A5D3CC-282D-484F-99E3-5D087F759C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "8799CB21-5F98-4368-A1BC-2746438757CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "B4315F2E-5272-4D09-80AF-A65AE52E37CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "9CCD4355-CE24-4F14-A348-BB76470E4DC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*", "matchCriteriaId": "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "79D7994A-ABDF-4F02-841D-B082917CA9F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "7B33EFE6-68BB-46FD-834D-B767641E1AC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*", "matchCriteriaId": "71FFFD6C-1243-480F-874E-3548EED2D471", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "76906A3F-9A22-453F-BCCF-35C248E6788C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "E7A176BB-A188-44A9-9E52-D385B13D328F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*", "matchCriteriaId": "DF881FCD-8E4C-47AC-ABED-05F805D3DED8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "06C3E2C7-C113-4224-8F4F-3BDD3B800B04", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "F376D1B3-5801-4BC3-B060-39DC928A9838", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "0ACC7FBF-34A3-4A95-A7B0-396AB194976A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "AA8408AC-5380-4C77-BA49-C236F0CBB51F", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*", "matchCriteriaId": "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests." }, { "lang": "es", "value": "Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando el ASP.NET Core falla al desinfectar adecuadamente las solicitudes web." } ], "id": "CVE-2017-0249", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-05-12T14:29:04.003", "references": [ { "source": "secure@microsoft.com", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "https://github.com/aspnet/Announcements/issues/239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "https://github.com/aspnet/Announcements/issues/239" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cnvd-2017-07323
Vulnerability from cnvd
Title: Microsoft ASP.NET Core权限提升漏洞
Description:
Microsoft ASP.NET Core是美国微软(Microsoft)公司的一个跨平台开源框架。该框架用于构建Web一应用、物联网应用和移动后端等基于云的应用程序。
Microsoft ASP.NET Core中存在权限提升漏洞,该漏洞源于程序未能正确的过滤Web请求。攻击者可利用该漏洞获取权限。
Severity: 高
Patch Name: Microsoft ASP.NET Core权限提升漏洞的补丁
Patch Description:
Microsoft ASP.NET Core是美国微软(Microsoft)公司的一个跨平台开源框架。该框架用于构建Web一应用、物联网应用和移动后端等基于云的应用程序。
Microsoft ASP.NET Core中存在权限提升漏洞,该漏洞源于程序未能正确的过滤Web请求。攻击者可利用该漏洞获取权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://github.com/aspnet/Announcements/issues/239
Reference: https://github.com/aspnet/Announcements/issues/239
Name | Microsoft ASP.NET Core |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2017-0249" } }, "description": "Microsoft ASP.NET Core\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u8de8\u5e73\u53f0\u5f00\u6e90\u6846\u67b6\u3002\u8be5\u6846\u67b6\u7528\u4e8e\u6784\u5efaWeb\u4e00\u5e94\u7528\u3001\u7269\u8054\u7f51\u5e94\u7528\u548c\u79fb\u52a8\u540e\u7aef\u7b49\u57fa\u4e8e\u4e91\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nMicrosoft ASP.NET Core\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u8fc7\u6ee4Web\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002", "discovererName": "Microsoft", "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/aspnet/Announcements/issues/239", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2017-07323", "openTime": "2017-05-24", "patchDescription": "Microsoft ASP.NET Core\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u8de8\u5e73\u53f0\u5f00\u6e90\u6846\u67b6\u3002\u8be5\u6846\u67b6\u7528\u4e8e\u6784\u5efaWeb\u4e00\u5e94\u7528\u3001\u7269\u8054\u7f51\u5e94\u7528\u548c\u79fb\u52a8\u540e\u7aef\u7b49\u57fa\u4e8e\u4e91\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nMicrosoft ASP.NET Core\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u8fc7\u6ee4Web\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "Microsoft ASP.NET Core\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": "Microsoft ASP.NET Core" }, "referenceLink": "https://github.com/aspnet/Announcements/issues/239", "serverity": "\u9ad8", "submitTime": "2017-05-19", "title": "Microsoft ASP.NET Core\u6743\u9650\u63d0\u5347\u6f0f\u6d1e" }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.