Vulnerabilites related to Microsoft - ASP.NET
CVE-2005-2224 (GCVE-0-2005-2224)
Vulnerability from cvelistv5
Published
2005-07-12 04:00
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.spidynamics.com/spilabs/advisories/aspRCP.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/14217 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/16005 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:22:47.557Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.spidynamics.com/spilabs/advisories/aspRCP.html", }, { name: "14217", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14217", }, { name: "16005", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16005", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-07-12T00:00:00", descriptions: [ { lang: "en", value: "aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2006-01-17T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.spidynamics.com/spilabs/advisories/aspRCP.html", }, { name: "14217", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14217", }, { name: "16005", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16005", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-2224", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.spidynamics.com/spilabs/advisories/aspRCP.html", refsource: "MISC", url: "http://www.spidynamics.com/spilabs/advisories/aspRCP.html", }, { name: "14217", refsource: "BID", url: "http://www.securityfocus.com/bid/14217", }, { name: "16005", refsource: "SECUNIA", url: "http://secunia.com/advisories/16005", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-2224", datePublished: "2005-07-12T04:00:00", dateReserved: "2005-07-12T00:00:00", dateUpdated: "2024-08-07T22:22:47.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2010-2088 (GCVE-0-2010-2088)
Vulnerability from cvelistv5
Published
2010-05-27 18:32
Modified
2024-09-16 22:21
Severity ?
EPSS score ?
Summary
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt | x_refsource_MISC | |
| http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T02:17:14.370Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-05-27T18:32:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt", }, { tags: [ "x_refsource_MISC", ], url: "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-2088", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt", refsource: "MISC", url: "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt", }, { name: "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf", refsource: "MISC", url: "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-2088", datePublished: "2010-05-27T18:32:00Z", dateReserved: "2010-05-27T00:00:00Z", dateUpdated: "2024-09-16T22:21:05.802Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2005-1664 (GCVE-0-2005-1664)
Vulnerability from cvelistv5
Published
2005-05-18 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111513127704270&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://scottonwriting.net/sowblog/posts/3747.aspx | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=111532887612517&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20409 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/15241 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/16196 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:59:24.002Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=111513127704270&w=2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://scottonwriting.net/sowblog/posts/3747.aspx", }, { name: "20050505 Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=111532887612517&w=2", }, { name: "ms-aspnet-viewstate-replay(20409)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20409", }, { name: "15241", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/15241", }, { name: "16196", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/16196", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-05-05T00:00:00", descriptions: [ { lang: "en", value: "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=111513127704270&w=2", }, { tags: [ "x_refsource_MISC", ], url: "http://scottonwriting.net/sowblog/posts/3747.aspx", }, { name: "20050505 Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=111532887612517&w=2", }, { name: "ms-aspnet-viewstate-replay(20409)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20409", }, { name: "15241", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/15241", }, { name: "16196", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/16196", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-1664", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=111513127704270&w=2", }, { name: "http://scottonwriting.net/sowblog/posts/3747.aspx", refsource: "MISC", url: "http://scottonwriting.net/sowblog/posts/3747.aspx", }, { name: "20050505 Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=111532887612517&w=2", }, { name: "ms-aspnet-viewstate-replay(20409)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20409", }, { name: "15241", refsource: "SECUNIA", url: "http://secunia.com/advisories/15241", }, { name: "16196", refsource: "OSVDB", url: "http://www.osvdb.org/16196", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-1664", datePublished: "2005-05-18T04:00:00", dateReserved: "2005-05-18T00:00:00", dateUpdated: "2024-08-07T21:59:24.002Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2006-1364 (GCVE-0-2006-1364)
Vulnerability from cvelistv5
Published
2006-03-23 11:00
Modified
2024-08-07 17:12
Severity ?
EPSS score ?
Summary
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/428622/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip | x_refsource_MISC | |
| http://securitytracker.com/id?1015825 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/17188 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25392 | vdb-entry, x_refsource_XF | |
| https://www.exploit-db.com/exploits/1601 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html | x_refsource_MISC | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html | mailing-list, x_refsource_FULLDISC | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html | mailing-list, x_refsource_FULLDISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T17:12:20.929Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20060322 w3wp remote DoS", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/428622/100/0/threaded", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip", }, { name: "1015825", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1015825", }, { name: "17188", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/17188", }, { name: "ms-aspnet-w3wp-dos(25392)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392", }, { name: "1601", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/1601", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html", }, { name: "20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html", }, { name: "20060322 w3wp remote DoS", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2006-03-22T00:00:00", descriptions: [ { lang: "en", value: "Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-18T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20060322 w3wp remote DoS", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/428622/100/0/threaded", }, { tags: [ "x_refsource_MISC", ], url: "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip", }, { name: "1015825", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1015825", }, { name: "17188", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/17188", }, { name: "ms-aspnet-w3wp-dos(25392)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392", }, { name: "1601", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/1601", }, { tags: [ "x_refsource_MISC", ], url: "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html", }, { name: "20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html", }, { name: "20060322 w3wp remote DoS", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2006-1364", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20060322 w3wp remote DoS", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/428622/100/0/threaded", }, { name: "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip", refsource: "MISC", url: "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip", }, { name: "1015825", refsource: "SECTRACK", url: "http://securitytracker.com/id?1015825", }, { name: "17188", refsource: "BID", url: "http://www.securityfocus.com/bid/17188", }, { name: "ms-aspnet-w3wp-dos(25392)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392", }, { name: "1601", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/1601", }, { name: "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html", refsource: "MISC", url: "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html", }, { name: "20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET", refsource: "FULLDISC", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html", }, { name: "20060322 w3wp remote DoS", refsource: "FULLDISC", url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2006-1364", datePublished: "2006-03-23T11:00:00", dateReserved: "2006-03-23T00:00:00", dateUpdated: "2024-08-07T17:12:20.929Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2004-0847 (GCVE-0-2004-0847)
Vulnerability from cvelistv5
Published
2004-10-06 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-004 | vendor-advisory, x_refsource_MS | |
| http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754 | x_refsource_MISC | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4987 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA05-039A.html | third-party-advisory, x_refsource_CERT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17644 | vdb-entry, x_refsource_XF | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3556 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.kb.cert.org/vuls/id/283646 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/11342 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html | mailing-list, x_refsource_NTBUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:31:47.674Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS05-004", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-004", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754", }, { name: "oval:org.mitre.oval:def:4987", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4987", }, { name: "TA05-039A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA05-039A.html", }, { name: "windows-forms-security-bypass(17644)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17644", }, { name: "oval:org.mitre.oval:def:3556", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3556", }, { name: "VU#283646", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/283646", }, { name: "11342", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/11342", }, { name: "20040914 Security bug in .NET Forms Authentication", tags: [ "mailing-list", "x_refsource_NTBUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-09-14T00:00:00", descriptions: [ { lang: "en", value: "The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) \"\\\" (backslash) or (2) \"%5C\" (encoded backslash), aka \"Path Validation Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "MS05-004", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-004", }, { tags: [ "x_refsource_MISC", ], url: "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754", }, { name: "oval:org.mitre.oval:def:4987", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4987", }, { name: "TA05-039A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA05-039A.html", }, { name: "windows-forms-security-bypass(17644)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17644", }, { name: "oval:org.mitre.oval:def:3556", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3556", }, { name: "VU#283646", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/283646", }, { name: "11342", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/11342", }, { name: "20040914 Security bug in .NET Forms Authentication", tags: [ "mailing-list", "x_refsource_NTBUGTRAQ", ], url: "http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-0847", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) \"\\\" (backslash) or (2) \"%5C\" (encoded backslash), aka \"Path Validation Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS05-004", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-004", }, { name: "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754", refsource: "MISC", url: "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754", }, { name: "oval:org.mitre.oval:def:4987", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4987", }, { name: "TA05-039A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA05-039A.html", }, { name: "windows-forms-security-bypass(17644)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17644", }, { name: "oval:org.mitre.oval:def:3556", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3556", }, { name: "VU#283646", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/283646", }, { name: "11342", refsource: "BID", url: "http://www.securityfocus.com/bid/11342", }, { name: "20040914 Security bug in .NET Forms Authentication", refsource: "NTBUGTRAQ", url: "http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-0847", datePublished: "2004-10-06T04:00:00", dateReserved: "2004-09-08T00:00:00", dateUpdated: "2024-08-08T00:31:47.674Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2010-2084 (GCVE-0-2010-2084)
Vulnerability from cvelistv5
Published
2010-05-27 18:32
Modified
2024-09-16 17:43
Severity ?
EPSS score ?
Summary
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T02:17:13.571Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-05-27T18:32:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-2084", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx", refsource: "MISC", url: "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-2084", datePublished: "2010-05-27T18:32:00Z", dateReserved: "2010-05-27T00:00:00Z", dateUpdated: "2024-09-16T17:43:57.850Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2003-0768 (GCVE-0-2003-0768)
Vulnerability from cvelistv5
Published
2003-09-12 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=106304326916062&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T02:05:12.553Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=106304326916062&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2003-09-08T00:00:00", descriptions: [ { lang: "en", value: "Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-10-17T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=106304326916062&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2003-0768", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=106304326916062&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2003-0768", datePublished: "2003-09-12T04:00:00", dateReserved: "2003-09-09T00:00:00", dateUpdated: "2024-08-08T02:05:12.553Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2005-1665 (GCVE-0-2005-1665)
Vulnerability from cvelistv5
Published
2005-05-18 04:00
Modified
2024-08-07 21:59
Severity ?
EPSS score ?
Summary
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=111513127704270&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20408 | vdb-entry, x_refsource_XF | |
| http://scottonwriting.net/sowblog/posts/3747.aspx | x_refsource_MISC | |
| http://www.osvdb.org/16195 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/15241 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:59:23.509Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=111513127704270&w=2", }, { name: "ms-aspnet-viewstate-dos(20408)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20408", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://scottonwriting.net/sowblog/posts/3747.aspx", }, { name: "16195", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/16195", }, { name: "15241", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/15241", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-05-05T00:00:00", descriptions: [ { lang: "en", value: "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=111513127704270&w=2", }, { name: "ms-aspnet-viewstate-dos(20408)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20408", }, { tags: [ "x_refsource_MISC", ], url: "http://scottonwriting.net/sowblog/posts/3747.aspx", }, { name: "16195", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/16195", }, { name: "15241", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/15241", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-1665", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=111513127704270&w=2", }, { name: "ms-aspnet-viewstate-dos(20408)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20408", }, { name: "http://scottonwriting.net/sowblog/posts/3747.aspx", refsource: "MISC", url: "http://scottonwriting.net/sowblog/posts/3747.aspx", }, { name: "16195", refsource: "OSVDB", url: "http://www.osvdb.org/16195", }, { name: "15241", refsource: "SECUNIA", url: "http://secunia.com/advisories/15241", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-1665", datePublished: "2005-05-18T04:00:00", dateReserved: "2005-05-18T00:00:00", dateUpdated: "2024-08-07T21:59:23.509Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2005-0452 (GCVE-0-2005-0452)
Vulnerability from cvelistv5
Published
2005-02-16 05:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=110867912714913&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/14214 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/12574 | vdb-entry, x_refsource_BID | |
| http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:13:54.470Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20050217 XSS vulnerabilty in ASP.Net [with details]", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=110867912714913&w=2", }, { name: "14214", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14214", }, { name: "12574", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12574", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-02-16T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including \">\" and \"<\".", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-10-17T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20050217 XSS vulnerabilty in ASP.Net [with details]", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=110867912714913&w=2", }, { name: "14214", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14214", }, { name: "12574", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12574", }, { tags: [ "x_refsource_MISC", ], url: "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0452", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including \">\" and \"<\".", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20050217 XSS vulnerabilty in ASP.Net [with details]", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=110867912714913&w=2", }, { name: "14214", refsource: "SECUNIA", url: "http://secunia.com/advisories/14214", }, { name: "12574", refsource: "BID", url: "http://www.securityfocus.com/bid/12574", }, { name: "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml", refsource: "MISC", url: "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0452", datePublished: "2005-02-16T05:00:00", dateReserved: "2005-02-16T00:00:00", dateUpdated: "2024-08-07T21:13:54.470Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8171 (GCVE-0-2018-8171)
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041267 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/104659 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | ASP.NET |
Version: Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5 Version: Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:46:13.464Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1041267", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041267", }, { name: "104659", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104659", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ASP.NET", vendor: "Microsoft", versions: [ { status: "affected", version: "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5", }, { status: "affected", version: "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3", }, ], }, { product: "ASP.NET Core", vendor: "Microsoft", versions: [ { status: "affected", version: "1.0", }, { status: "affected", version: "1.1", }, { status: "affected", version: "2.0", }, ], }, { product: "ASP.NET MVC 5.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Microsoft Visual Studio 2013 Update 5", }, { status: "affected", version: "Microsoft Visual Studio 2015 Update 3", }, ], }, ], datePublic: "2018-07-10T00:00:00", descriptions: [ { lang: "en", value: "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.", }, ], problemTypes: [ { descriptions: [ { description: "Security Feature Bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-11T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1041267", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041267", }, { name: "104659", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104659", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8171", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ASP.NET", version: { version_data: [ { version_value: "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5", }, { version_value: "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3", }, ], }, }, { product_name: "ASP.NET Core", version: { version_data: [ { version_value: "1.0", }, { version_value: "1.1", }, { version_value: "2.0", }, ], }, }, { product_name: "ASP.NET MVC 5.2", version: { version_data: [ { version_value: "Microsoft Visual Studio 2013 Update 5", }, { version_value: "Microsoft Visual Studio 2015 Update 3", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Security Feature Bypass", }, ], }, ], }, references: { reference_data: [ { name: "1041267", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041267", }, { name: "104659", refsource: "BID", url: "http://www.securityfocus.com/bid/104659", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8171", datePublished: "2018-07-11T00:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T06:46:13.464Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-201801-1126
Vulnerability from variot
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808. This vulnerability CVE-2018-0808 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could use this vulnerability to perform a content injection attack and execute a script in the current user's security context. An attacker can exploit this issue to gain elevated privileges
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1126", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "asp.net core", scope: "eq", trust: 3.3, vendor: "microsoft", version: "2.0", }, { model: "windows version for 32-bit systems", scope: "eq", trust: 0.3, vendor: "microsoft", version: "1017030", }, { model: "asp.net", scope: "eq", trust: 0.3, vendor: "microsoft", version: "0", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-00899", }, { db: "BID", id: "102377", }, { db: "JVNDB", id: "JVNDB-2018-001241", }, { db: "NVD", id: "CVE-2018-0784", }, { db: "CNNVD", id: "CNNVD-201801-406", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-0784", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Kévin Chalet", sources: [ { db: "BID", id: "102377", }, ], trust: 0.3, }, cve: "CVE-2018-0784", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 6.8, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2018-0784", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2018-00899", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2018-0784", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2018-0784", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2018-00899", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201801-406", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2018-00899", }, { db: "JVNDB", id: "JVNDB-2018-001241", }, { db: "NVD", id: "CVE-2018-0784", }, { db: "CNNVD", id: "CNNVD-201801-406", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0808. This vulnerability CVE-2018-0808 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could use this vulnerability to perform a content injection attack and execute a script in the current user's security context. \nAn attacker can exploit this issue to gain elevated privileges", sources: [ { db: "NVD", id: "CVE-2018-0784", }, { db: "JVNDB", id: "JVNDB-2018-001241", }, { db: "CNVD", id: "CNVD-2018-00899", }, { db: "CNNVD", id: "CNNVD-201801-406", }, { db: "BID", id: "102377", }, ], trust: 2.97, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-0784", trust: 3.3, }, { db: "BID", id: "102377", trust: 2.5, }, { db: "SECTRACK", id: "1040151", trust: 2.2, }, { db: "JVNDB", id: "JVNDB-2018-001241", trust: 0.8, }, { db: "CNVD", id: "CNVD-2018-00899", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201801-406", trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-00899", }, { db: "BID", id: "102377", }, { db: "JVNDB", id: "JVNDB-2018-001241", }, { db: "NVD", id: "CVE-2018-0784", }, { db: "CNNVD", id: "CNNVD-201801-406", }, ], }, id: "VAR-201801-1126", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2018-00899", }, ], trust: 0.81178882, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2018-00899", }, ], }, last_update_date: "2023-12-18T13:02:48.494000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "CVE-2018-0784 | ASP.NET Core Elevation Of Privilege Vulnerability", trust: 0.8, url: "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0784", }, { title: "CVE-2018-0784 | ASP.NET Core の特権の昇格の脆弱性", trust: 0.8, url: "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-0784", }, { title: "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability (CNVD-2018-00899)", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/113385", }, { title: "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77661", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-00899", }, { db: "JVNDB", id: "JVNDB-2018-001241", }, { db: "CNNVD", id: "CNNVD-201801-406", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "CWE-264", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2018-001241", }, { db: "NVD", id: "CVE-2018-0784", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.2, url: "http://www.securityfocus.com/bid/102377", }, { trust: 2.2, url: "http://www.securitytracker.com/id/1040151", }, { trust: 1.9, url: "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0784", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0784", }, { trust: 0.8, url: "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html", }, { trust: 0.8, url: "http://www.jpcert.or.jp/at/2018/at180002.html", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2018-0784", }, { trust: 0.3, url: "http://www.microsoft.com", }, ], sources: [ { db: "CNVD", id: "CNVD-2018-00899", }, { db: "BID", id: "102377", }, { db: "JVNDB", id: "JVNDB-2018-001241", }, { db: "NVD", id: "CVE-2018-0784", }, { db: "CNNVD", id: "CNNVD-201801-406", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2018-00899", }, { db: "BID", id: "102377", }, { db: "JVNDB", id: "JVNDB-2018-001241", }, { db: "NVD", id: "CVE-2018-0784", }, { db: "CNNVD", id: "CNNVD-201801-406", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-01-15T00:00:00", db: "CNVD", id: "CNVD-2018-00899", }, { date: "2018-01-09T00:00:00", db: "BID", id: "102377", }, { date: "2018-02-02T00:00:00", db: "JVNDB", id: "JVNDB-2018-001241", }, { date: "2018-01-10T01:29:00.243000", db: "NVD", id: "CVE-2018-0784", }, { date: "2018-01-11T00:00:00", db: "CNNVD", id: "CNNVD-201801-406", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-01-15T00:00:00", db: "CNVD", id: "CNVD-2018-00899", }, { date: "2018-01-09T00:00:00", db: "BID", id: "102377", }, { date: "2018-02-02T00:00:00", db: "JVNDB", id: "JVNDB-2018-001241", }, { date: "2019-10-03T00:03:26.223000", db: "NVD", id: "CVE-2018-0784", }, { date: "2019-10-23T00:00:00", db: "CNNVD", id: "CNNVD-201801-406", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201801-406", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "ASP.NET Core Vulnerability in which privileges are elevated", sources: [ { db: "JVNDB", id: "JVNDB-2018-001241", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "permissions and access control issues", sources: [ { db: "CNNVD", id: "CNNVD-201801-406", }, ], trust: 0.6, }, }
var-201705-3360
Vulnerability from variot
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3360", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "system.net.websockets.client", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.text.encodings.web", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.net.http.winhttphandler", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.net.security", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.0", }, { model: "system.net.websockets.client", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.0", }, { model: "system.net.security", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.text.encodings.web", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.0", }, { model: "system.net.http", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.1", }, { model: "system.net.http.winhttphandler", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.1", }, { model: "system.net.http", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.1.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "asp.net", scope: "eq", trust: 0.8, vendor: "microsoft", version: "core", }, { model: "asp.net core", scope: null, trust: 0.6, vendor: "microsoft", version: null, }, { model: "asp.net", scope: "eq", trust: 0.3, vendor: "microsoft", version: "0", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, { db: "BID", id: "98118", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "NVD", id: "CVE-2017-0249", }, { db: "CNNVD", id: "CNNVD-201705-736", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-0249", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Microsoft", sources: [ { db: "BID", id: "98118", }, ], trust: 0.3, }, cve: "CVE-2017-0249", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2017-0249", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2017-07323", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", exploitabilityScore: 3.9, impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "Low", baseScore: 7.3, baseSeverity: "High", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2017-0249", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-0249", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2017-07323", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201705-736", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2017-0249", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, { db: "VULMON", id: "CVE-2017-0249", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "NVD", id: "CVE-2017-0249", }, { db: "CNNVD", id: "CNNVD-201705-736", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access", sources: [ { db: "NVD", id: "CVE-2017-0249", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "CNVD", id: "CNVD-2017-07323", }, { db: "CNNVD", id: "CNNVD-201705-736", }, { db: "BID", id: "98118", }, { db: "VULMON", id: "CVE-2017-0249", }, ], trust: 3.06, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-0249", trust: 3.4, }, { db: "JVNDB", id: "JVNDB-2017-003294", trust: 0.8, }, { db: "CNVD", id: "CNVD-2017-07323", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201705-736", trust: 0.6, }, { db: "BID", id: "98118", trust: 0.4, }, { db: "VULMON", id: "CVE-2017-0249", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, { db: "VULMON", id: "CVE-2017-0249", }, { db: "BID", id: "98118", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "NVD", id: "CVE-2017-0249", }, { db: "CNNVD", id: "CNNVD-201705-736", }, ], }, id: "VAR-201705-3360", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, ], trust: 0.81178882, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, ], }, last_update_date: "2023-12-18T12:44:36.871000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239", trust: 0.8, url: "https://github.com/aspnet/announcements/issues/239", }, { title: "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/94179", }, { title: "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70329", }, { title: "OssIndexClient", trust: 0.1, url: "https://github.com/simoncropp/ossindexclient ", }, { title: "", trust: 0.1, url: "https://github.com/shiftingleft/dotnet-scm-test ", }, { title: "", trust: 0.1, url: "https://github.com/jnewman-sonatype/dotnettest ", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, { db: "VULMON", id: "CVE-2017-0249", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "CNNVD", id: "CNNVD-201705-736", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "NVD", id: "CVE-2017-0249", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "https://github.com/aspnet/announcements/issues/239", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0249", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-0249", }, { trust: 0.3, url: "http://www.microsoft.com", }, { trust: 0.3, url: "https://technet.microsoft.com/library/security/4021279.aspx", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.securityfocus.com/bid/98118", }, { trust: 0.1, url: "https://github.com/simoncropp/ossindexclient", }, { trust: 0.1, url: "https://tools.cisco.com/security/center/viewalert.x?alertid=53814", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, { db: "VULMON", id: "CVE-2017-0249", }, { db: "BID", id: "98118", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "NVD", id: "CVE-2017-0249", }, { db: "CNNVD", id: "CNNVD-201705-736", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2017-07323", }, { db: "VULMON", id: "CVE-2017-0249", }, { db: "BID", id: "98118", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "NVD", id: "CVE-2017-0249", }, { db: "CNNVD", id: "CNNVD-201705-736", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-05-24T00:00:00", db: "CNVD", id: "CNVD-2017-07323", }, { date: "2017-05-12T00:00:00", db: "VULMON", id: "CVE-2017-0249", }, { date: "2017-05-10T00:00:00", db: "BID", id: "98118", }, { date: "2017-05-24T00:00:00", db: "JVNDB", id: "JVNDB-2017-003294", }, { date: "2017-05-12T14:29:04.003000", db: "NVD", id: "CVE-2017-0249", }, { date: "2017-05-18T00:00:00", db: "CNNVD", id: "CNNVD-201705-736", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-05-24T00:00:00", db: "CNVD", id: "CNVD-2017-07323", }, { date: "2021-06-30T00:00:00", db: "VULMON", id: "CVE-2017-0249", }, { date: "2017-05-23T16:25:00", db: "BID", id: "98118", }, { date: "2017-05-24T00:00:00", db: "JVNDB", id: "JVNDB-2017-003294", }, { date: "2021-06-30T16:54:22.617000", db: "NVD", id: "CVE-2017-0249", }, { date: "2021-07-01T00:00:00", db: "CNNVD", id: "CNNVD-201705-736", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201705-736", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Microsoft ASP.NET Core Input validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2017-003294", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-201705-736", }, ], trust: 0.6, }, }
var-201705-3317
Vulnerability from variot
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to forge requests. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3317", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "system.net.websockets.client", scope: "eq", trust: 1, vendor: "microsoft", version: "4.3.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "system.text.encodings.web", scope: "eq", trust: 1, vendor: "microsoft", version: "4.3.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "system.net.http.winhttphandler", scope: "eq", trust: 1, vendor: "microsoft", version: "4.3.0", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "system.net.security", scope: "eq", trust: 1, vendor: "microsoft", version: "4.0.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "system.net.websockets.client", scope: "eq", trust: 1, vendor: "microsoft", version: "4.0.0", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "system.net.security", scope: "eq", trust: 1, vendor: "microsoft", version: "4.3.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "system.text.encodings.web", scope: "eq", trust: 1, vendor: "microsoft", version: "4.0.0", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "system.net.http", scope: "eq", trust: 1, vendor: "microsoft", version: "4.3.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "system.net.http.winhttphandler", scope: "eq", trust: 1, vendor: "microsoft", version: "4.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "system.net.http", scope: "eq", trust: 1, vendor: "microsoft", version: "4.1.1", }, { model: "asp.net", scope: "eq", trust: 0.8, vendor: "microsoft", version: "core", }, { model: "asp.net", scope: null, trust: 0.6, vendor: "microsoft", version: null, }, { model: "asp.net", scope: "eq", trust: 0.3, vendor: "microsoft", version: "0", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, { db: "BID", id: "98290", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "NVD", id: "CVE-2017-0256", }, { db: "CNNVD", id: "CNNVD-201705-735", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-0256", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Mikhail Shcherbakov", sources: [ { db: "BID", id: "98290", }, ], trust: 0.3, }, cve: "CVE-2017-0256", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-0256", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2017-08173", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 1.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-0256", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-0256", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2017-08173", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201705-735", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2017-0256", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, { db: "VULMON", id: "CVE-2017-0256", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "NVD", id: "CVE-2017-0256", }, { db: "CNNVD", id: "CNNVD-201705-735", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to forge requests. \nAn attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible", sources: [ { db: "NVD", id: "CVE-2017-0256", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "CNVD", id: "CNVD-2017-08173", }, { db: "CNNVD", id: "CNNVD-201705-735", }, { db: "BID", id: "98290", }, { db: "VULMON", id: "CVE-2017-0256", }, ], trust: 3.06, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-0256", trust: 3.4, }, { db: "BID", id: "98290", trust: 1, }, { db: "JVNDB", id: "JVNDB-2017-003295", trust: 0.8, }, { db: "CNVD", id: "CNVD-2017-08173", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201705-735", trust: 0.6, }, { db: "VULMON", id: "CVE-2017-0256", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, { db: "VULMON", id: "CVE-2017-0256", }, { db: "BID", id: "98290", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "NVD", id: "CVE-2017-0256", }, { db: "CNNVD", id: "CNNVD-201705-735", }, ], }, id: "VAR-201705-3317", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, ], trust: 0.06, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, ], }, last_update_date: "2023-12-18T13:24:27.044000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239", trust: 0.8, url: "https://github.com/aspnet/announcements/issues/239", }, { title: "Patch for Microsoft ASP.NET Core Spoofing Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/94465", }, { title: "Microsoft ASP.NET Core Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70330", }, { title: "OssIndexClient", trust: 0.1, url: "https://github.com/simoncropp/ossindexclient ", }, { title: "", trust: 0.1, url: "https://github.com/shiftingleft/dotnet-scm-test ", }, { title: "", trust: 0.1, url: "https://github.com/jnewman-sonatype/dotnettest ", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, { db: "VULMON", id: "CVE-2017-0256", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "CNNVD", id: "CNNVD-201705-735", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "NVD", id: "CVE-2017-0256", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "https://github.com/aspnet/announcements/issues/239", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0256", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-0256", }, { trust: 0.3, url: "http://www.microsoft.com", }, { trust: 0.3, url: "https://technet.microsoft.com/library/security/4021279.aspx", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://www.securityfocus.com/bid/98290", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/simoncropp/ossindexclient", }, { trust: 0.1, url: "https://tools.cisco.com/security/center/viewalert.x?alertid=53814", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, { db: "VULMON", id: "CVE-2017-0256", }, { db: "BID", id: "98290", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "NVD", id: "CVE-2017-0256", }, { db: "CNNVD", id: "CNNVD-201705-735", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2017-08173", }, { db: "VULMON", id: "CVE-2017-0256", }, { db: "BID", id: "98290", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "NVD", id: "CVE-2017-0256", }, { db: "CNNVD", id: "CNNVD-201705-735", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-06-05T00:00:00", db: "CNVD", id: "CNVD-2017-08173", }, { date: "2017-05-12T00:00:00", db: "VULMON", id: "CVE-2017-0256", }, { date: "2017-05-10T00:00:00", db: "BID", id: "98290", }, { date: "2017-05-24T00:00:00", db: "JVNDB", id: "JVNDB-2017-003295", }, { date: "2017-05-12T14:29:04.457000", db: "NVD", id: "CVE-2017-0256", }, { date: "2017-05-22T00:00:00", db: "CNNVD", id: "CNNVD-201705-735", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-06-05T00:00:00", db: "CNVD", id: "CNVD-2017-08173", }, { date: "2021-06-30T00:00:00", db: "VULMON", id: "CVE-2017-0256", }, { date: "2017-05-23T16:25:00", db: "BID", id: "98290", }, { date: "2017-05-24T00:00:00", db: "JVNDB", id: "JVNDB-2017-003295", }, { date: "2021-06-30T16:54:22.617000", db: "NVD", id: "CVE-2017-0256", }, { date: "2021-07-01T00:00:00", db: "CNNVD", id: "CNNVD-201705-735", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201705-735", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Microsoft ASP.NET Core Input validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2017-003295", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-201705-735", }, ], trust: 0.6, }, }
var-201705-3358
Vulnerability from variot
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3358", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "system.net.websockets.client", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.text.encodings.web", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.net.http.winhttphandler", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.net.security", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.0", }, { model: "system.net.websockets.client", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.0", }, { model: "system.net.security", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.text.encodings.web", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.0", }, { model: "system.net.http", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.1", }, { model: "system.net.http.winhttphandler", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.1", }, { model: "system.net.http", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.1.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "asp.net", scope: "eq", trust: 0.8, vendor: "microsoft", version: "core", }, { model: "asp.net core", scope: null, trust: 0.6, vendor: "microsoft", version: null, }, { model: "asp.net", scope: "eq", trust: 0.3, vendor: "microsoft", version: "0", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, { db: "BID", id: "98116", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "NVD", id: "CVE-2017-0247", }, { db: "CNNVD", id: "CNNVD-201705-737", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-0247", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "David Fernandez of Sidertia Solutions", sources: [ { db: "BID", id: "98116", }, ], trust: 0.3, }, cve: "CVE-2017-0247", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-0247", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2017-07322", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-0247", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-0247", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2017-07322", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201705-737", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2017-0247", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, { db: "VULMON", id: "CVE-2017-0247", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "NVD", id: "CVE-2017-0247", }, { db: "CNNVD", id: "CNNVD-201705-737", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service", sources: [ { db: "NVD", id: "CVE-2017-0247", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "CNVD", id: "CNVD-2017-07322", }, { db: "CNNVD", id: "CNNVD-201705-737", }, { db: "BID", id: "98116", }, { db: "VULMON", id: "CVE-2017-0247", }, ], trust: 3.06, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-0247", trust: 3.4, }, { db: "JVNDB", id: "JVNDB-2017-003293", trust: 0.8, }, { db: "CNVD", id: "CNVD-2017-07322", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201705-737", trust: 0.6, }, { db: "BID", id: "98116", trust: 0.4, }, { db: "VULMON", id: "CVE-2017-0247", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, { db: "VULMON", id: "CVE-2017-0247", }, { db: "BID", id: "98116", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "NVD", id: "CVE-2017-0247", }, { db: "CNNVD", id: "CNNVD-201705-737", }, ], }, id: "VAR-201705-3358", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, ], trust: 0.81178882, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, ], }, last_update_date: "2023-12-18T12:37:26.188000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239", trust: 0.8, url: "https://github.com/aspnet/announcements/issues/239", }, { title: "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/94177", }, { title: "Microsoft ASP.NET Core Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70331", }, { title: "", trust: 0.1, url: "https://github.com/dotnet/source-build-reference-packages ", }, { title: "OssIndexClient", trust: 0.1, url: "https://github.com/simoncropp/ossindexclient ", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, { db: "VULMON", id: "CVE-2017-0247", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "CNNVD", id: "CNNVD-201705-737", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "NVD", id: "CVE-2017-0247", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "https://github.com/aspnet/announcements/issues/239", }, { trust: 1.7, url: "https://www.sidertia.com/home/community/blog/2017/05/18/aspnet-core-unicode-non-char-encoding-dos", }, { trust: 1.7, url: "https://technet.microsoft.com/en-us/library/security/4021279.aspx", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0247", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-0247", }, { trust: 0.3, url: "http://www.microsoft.com", }, { trust: 0.3, url: "https://technet.microsoft.com/library/security/4021279.aspx", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://github.com/dotnet/source-build-reference-packages", }, { trust: 0.1, url: "https://www.securityfocus.com/bid/98116", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/simoncropp/ossindexclient", }, { trust: 0.1, url: "https://tools.cisco.com/security/center/viewalert.x?alertid=53814", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, { db: "VULMON", id: "CVE-2017-0247", }, { db: "BID", id: "98116", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "NVD", id: "CVE-2017-0247", }, { db: "CNNVD", id: "CNNVD-201705-737", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2017-07322", }, { db: "VULMON", id: "CVE-2017-0247", }, { db: "BID", id: "98116", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "NVD", id: "CVE-2017-0247", }, { db: "CNNVD", id: "CNNVD-201705-737", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-05-24T00:00:00", db: "CNVD", id: "CNVD-2017-07322", }, { date: "2017-05-12T00:00:00", db: "VULMON", id: "CVE-2017-0247", }, { date: "2017-05-10T00:00:00", db: "BID", id: "98116", }, { date: "2017-05-24T00:00:00", db: "JVNDB", id: "JVNDB-2017-003293", }, { date: "2017-05-12T14:29:03.910000", db: "NVD", id: "CVE-2017-0247", }, { date: "2017-05-18T00:00:00", db: "CNNVD", id: "CNNVD-201705-737", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-05-24T00:00:00", db: "CNVD", id: "CNVD-2017-07322", }, { date: "2021-06-30T00:00:00", db: "VULMON", id: "CVE-2017-0247", }, { date: "2017-05-23T16:25:00", db: "BID", id: "98116", }, { date: "2017-05-24T00:00:00", db: "JVNDB", id: "JVNDB-2017-003293", }, { date: "2021-06-30T16:54:22.617000", db: "NVD", id: "CVE-2017-0247", }, { date: "2021-07-01T00:00:00", db: "CNNVD", id: "CNNVD-201705-737", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201705-737", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Microsoft ASP.NET Core Input validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2017-003293", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-201705-737", }, ], trust: 0.6, }, }
Vulnerability from fkie_nvd
Published
2010-05-27 19:00
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net:2.0:*:*:*:*:*:*:*", matchCriteriaId: "87CEF73C-9D53-484C-8240-46716C16B648", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.", }, { lang: "es", value: "Microsoft ASP.NET v2.0 no previene fijar la propiedad InnerHtml en un control que hereda de HtmlContainerControl, lo que permite a atacantes remotos conducir un ataque de ejecución de secuencias de comandos en sitios cruzados (XSS) a través de vectores relativos a un atributo.", }, ], id: "CVE-2010-2084", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2010-05-27T19:00:01.000", references: [ { source: "cve@mitre.org", url: "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2006-03-23 11:06
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*", matchCriteriaId: "8B666A98-0AC9-41D5-AB92-226BB6BC4681", versionEndIncluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*", matchCriteriaId: "CC441C4B-3A1E-4709-8601-44477A6D5FA0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.", }, ], id: "CVE-2006-1364", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2006-03-23T11:06:00.000", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://securitytracker.com/id?1015825", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/428622/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/17188", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/1601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://securitytracker.com/id?1015825", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/428622/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/17188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/1601", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-02-16 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net:1.0:*:*:*:*:*:*:*", matchCriteriaId: "23853366-133E-40D0-9CD5-9995A642728F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net:1.0:sp1:*:*:*:*:*:*", matchCriteriaId: "CA932DEC-C465-45A7-860C-4217D72EDCAA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net:1.0:sp2:*:*:*:*:*:*", matchCriteriaId: "FCCD7252-375C-44AC-9761-C14723B8AFF8", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net:1.1:*:*:*:*:*:*:*", matchCriteriaId: "D1D8B732-4FC7-4454-9F94-B1C99952462A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*", matchCriteriaId: "CC441C4B-3A1E-4709-8601-44477A6D5FA0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including \">\" and \"<\".", }, ], id: "CVE-2005-0452", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-02-16T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=110867912714913&w=2", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/14214", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/12574", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=110867912714913&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/14214", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.securityfocus.com/bid/12574", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net:1.0:*:*:*:*:*:*:*", matchCriteriaId: "23853366-133E-40D0-9CD5-9995A642728F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net:1.1:*:*:*:*:*:*:*", matchCriteriaId: "D1D8B732-4FC7-4454-9F94-B1C99952462A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.", }, ], id: "CVE-2005-1665", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=111513127704270&w=2", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://scottonwriting.net/sowblog/posts/3747.aspx", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/15241", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/16195", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20408", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=111513127704270&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://scottonwriting.net/sowblog/posts/3747.aspx", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/15241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/16195", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20408", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-05-27 19:00
Modified
2025-04-11 00:51
Severity ?
Summary
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net:3.5:*:*:*:*:*:*:*", matchCriteriaId: "96BB0F56-DEDE-406F-BAB8-116DAB857D2C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.", }, { lang: "es", value: "ASP.NET en Microsoft .NET 3.5 no maneja de forma adecuada el estado de vista no cifrada, lo que permite a atacantes remotos a producir un ataque de ejecución de secuencias de comandos en sitios cruzados (XSS) mediante el formulario de control a través del parámetro __VIEWSTATE.", }, ], id: "CVE-2010-2088", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2010-05-27T19:00:01.140", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2003-09-22 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net:1.1:*:*:*:*:*:*:*", matchCriteriaId: "D1D8B732-4FC7-4454-9F94-B1C99952462A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.", }, { lang: "es", value: "Microsoft ASP.Net 1.1 permite a atacantes remotos saltarse la protección contra inyección de script y secuencias de comandos en sitios cruzados (XSS) mediante un carácter nulo al comienzo de un nombre de etiqueta.", }, ], id: "CVE-2003-0768", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2003-09-22T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=106304326916062&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=106304326916062&w=2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2004-11-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*", matchCriteriaId: "8B666A98-0AC9-41D5-AB92-226BB6BC4681", versionEndIncluding: "1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net:1.1:sp1:*:*:*:*:*:*", matchCriteriaId: "CC441C4B-3A1E-4709-8601-44477A6D5FA0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) \"\\\" (backslash) or (2) \"%5C\" (encoded backslash), aka \"Path Validation Vulnerability.\"", }, { lang: "es", value: "La característica de autenticación en formularios .NET permite a atacantes remotos evitar la autenticación de ficheros .aspx en directorios restringidos mediante una petición conteniendo un (1) 1) \"\" (barra invertida) or (2) \"\"%5C\"\" (barra invertida codificada).", }, ], id: "CVE-2004-0847", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2004-11-03T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/283646", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/11342", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA05-039A.html", }, { source: "cve@mitre.org", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-004", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17644", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3556", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4987", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/283646", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/11342", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA05-039A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/17644", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3556", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4987", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net:1.0:*:*:*:*:*:*:*", matchCriteriaId: "23853366-133E-40D0-9CD5-9995A642728F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net:1.1:*:*:*:*:*:*:*", matchCriteriaId: "D1D8B732-4FC7-4454-9F94-B1C99952462A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.", }, ], id: "CVE-2005-1664", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=111513127704270&w=2", }, { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=111532887612517&w=2", }, { source: "cve@mitre.org", url: "http://scottonwriting.net/sowblog/posts/3747.aspx", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/15241", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/16196", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20409", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=111513127704270&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=111532887612517&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://scottonwriting.net/sowblog/posts/3747.aspx", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/15241", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/16196", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/20409", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-07-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/16005 | Not Applicable, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/14217 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.spidynamics.com/spilabs/advisories/aspRCP.html | Broken Link, Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16005 | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14217 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.spidynamics.com/spilabs/advisories/aspRCP.html | Broken Link, Exploit, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net:-:*:*:*:*:*:*:*", matchCriteriaId: "167E1DC9-5E77-4B25-9F59-207ABE2BDCC9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.", }, ], id: "CVE-2005-2224", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-07-12T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/16005", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/14217", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Exploit", "Vendor Advisory", ], url: "http://www.spidynamics.com/spilabs/advisories/aspRCP.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Vendor Advisory", ], url: "http://secunia.com/advisories/16005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/14217", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Exploit", "Vendor Advisory", ], url: "http://www.spidynamics.com/spilabs/advisories/aspRCP.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }