Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2018-8171

Vulnerability from fkie_nvd - Published: 2018-07-11 00:29 - Updated: 2024-11-21 04:13

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/104659	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1041267	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104659	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041267	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	asp.net_core	1.0
microsoft	asp.net_core	1.1
microsoft	asp.net_core	2.0
microsoft	asp.net_model_view_controller	5.2
microsoft	asp.net_webpages	3.2.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0913F82A-985A-401D-89F6-191684A8AB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8256236D-D4F0-4207-B82D-18B0135CEB4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "345222C2-CD5B-4613-9FF3-9D034974D54F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "72194690-5B02-4E16-81CE-8447790D67A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_webpages:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E601B5A5-E15B-43BD-98D7-20CBF28A55C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad en ASP.NET cuando el n\u00famero de intentos de inicio de sesi\u00f3n incorrectos no se valida. Esto tambi\u00e9n se conoce como \"ASP.NET Security Feature Bypass Vulnerability\". Esto afecta a ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0 y ASP.NET MVC 5.2."
    }
  ],
  "id": "CVE-2018-8171",
  "lastModified": "2024-11-21T04:13:23.863",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-11T00:29:00.320",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104659"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041267"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-0256

Vulnerability from fkie_nvd - Published: 2017-05-12 14:29 - Updated: 2025-04-20 01:37

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

References

	URL	Tags
	secure@microsoft.com	https://github.com/aspnet/Announcements/issues/239	Technical Description, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/aspnet/Announcements/issues/239	Technical Description, Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	asp.net_model_view_controller	1.0.0
microsoft	asp.net_model_view_controller	1.0.1
microsoft	asp.net_model_view_controller	1.0.2
microsoft	asp.net_model_view_controller	1.0.3
microsoft	asp.net_model_view_controller	1.1.0
microsoft	asp.net_model_view_controller	1.1.1
microsoft	asp.net_model_view_controller	1.1.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.3
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.3
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.0
microsoft	microsoft.aspnetcore.mvc.cors	1.0.1
microsoft	microsoft.aspnetcore.mvc.cors	1.0.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.3
microsoft	microsoft.aspnetcore.mvc.cors	1.1.0
microsoft	microsoft.aspnetcore.mvc.cors	1.1.1
microsoft	microsoft.aspnetcore.mvc.cors	1.1.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.3
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.0
microsoft	microsoft.aspnetcore.mvc.localization	1.0.1
microsoft	microsoft.aspnetcore.mvc.localization	1.0.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.3
microsoft	microsoft.aspnetcore.mvc.localization	1.1.0
microsoft	microsoft.aspnetcore.mvc.localization	1.1.1
microsoft	microsoft.aspnetcore.mvc.localization	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.3
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.3
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.3
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.2
microsoft	system.net.http	4.1.1
microsoft	system.net.http	4.3.1
microsoft	system.net.http.winhttphandler	4.0.1
microsoft	system.net.http.winhttphandler	4.3.0
microsoft	system.net.security	4.0.0
microsoft	system.net.security	4.3.0
microsoft	system.net.websockets.client	4.0.0
microsoft	system.net.websockets.client	4.3.0
microsoft	system.text.encodings.web	4.0.0
microsoft	system.text.encodings.web	4.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D49ACA-0755-425C-9162-8D40D7AADDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB52597-3458-4816-8432-7948CA21B8C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86207D1B-AE1B-4826-B07A-75815A5ED06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96E6585-EA7C-47A7-B6EF-9926758E90DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "292C4DAD-1CBB-41DF-9E45-F8D594C03097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BC76DD26-1A09-419D-9156-16042FF7D508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2A701C76-6AC7-4230-B0C5-9CD91010349C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "6E801676-656E-43F6-8C4E-EE0BD5EAF23E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DE818227-C9F3-49BA-80D1-FA49FA46B8BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B7E8D173-9F85-4796-8A97-A77A531A3C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "893BD886-23DC-41E9-9DD1-C367F1638CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2F9CCC49-348F-44A3-8412-17B689B0B0B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "40ACE580-63FC-44A6-A1A3-19113BCF96B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3A31726B-E001-4568-9538-150C438D4D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "22473819-A864-4568-BB4F-B1B61D6BE768",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "25F6E532-9282-4444-BE83-1D4254B78E98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3D3B725F-E01E-4B44-B6FE-D384CB081880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "CD9CA7E6-4622-48CE-87DD-43850E6A3D94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9F0BE208-E908-4D55-ABC0-01899A7BCF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BEB9143D-39A5-4A1A-8CF6-50A234476914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "784D8767-E542-4BEA-AC04-190EB86ACE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B051C0F9-2D90-4F21-A4A3-49E52E4580F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "24849B2C-4475-4F63-99F8-D63AC7455AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E53251EE-7C63-4597-817D-E0E046D45E7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C4B607A3-3637-4785-A7FA-074B370B57A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "10769FE6-90C1-41EF-B59C-2DF602798AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9F2FF0F8-0447-442F-99C7-AAE364942263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "82A352B2-00B5-40EB-A053-3871999FF549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "1CBD8554-F155-4265-9ABA-27F2CFDB6645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "1D0612F5-8621-4FEB-B84D-6116CD92C671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "D917236C-B53D-454C-9FCD-4D0F48849C8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "32B849F2-CD4B-45DB-86DD-77248ED82C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "5A08EDE3-035D-4A4F-AF2A-FDFC02264841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "28A15818-8AB8-4253-9D82-D968B05D4416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C59BDECB-3184-4BE3-91B5-4703170D6E72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F861A072-D917-4BF5-99D3-3C9AD99A70EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "79F08C0E-5A28-4A8D-9987-CC273A38CDB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F8A9187E-AAF3-4186-9014-13D304463F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "19022A88-C140-4C64-8BAD-43CE0E448D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "36170C72-162C-44F1-8291-DCF12AAC3D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "97E0DE96-A8CA-4395-8955-3223754A7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "95D892B0-08CD-479B-8DBA-2E296A2139EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "16E5978D-49B7-4948-A57F-D0903CC2726B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "175E800A-6295-4EDD-AD76-AED50C4ED29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DD429092-758C-40E2-9B62-552062DE5C99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4B124905-C4EB-4943-BF9D-97DD9C63C773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F1382D94-3442-4770-99BC-A803DB7D99CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "72682900-3DEA-43E8-9E60-04D8AA575353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2614708B-D88A-45D1-989A-EC1F18B2ECF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "48101840-E58F-4E2D-BA2D-8D07F76E1EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "56285B40-74FB-4AE4-9998-09D3CC2FA76B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4322AC03-A133-4778-A2F1-AD509764BB00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E4779EAE-28C3-454F-853C-45D7A4B264BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "34EB1A01-873A-4395-84D9-B048E2E12A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "389FB05C-C41F-4162-B868-472A6FEE18BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "944C87F4-591A-46A3-A6BE-68CF070D2557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "6A5CA6EF-184A-4D35-A430-8D708041C139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7264CABF-8603-445F-8728-A53575239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "776B722D-0DA6-4994-9323-06165E562489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "77A16675-CD3A-427B-888E-B1D8A51189AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B28A24AD-C225-45B3-8156-5A8107A7073C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "22B75008-7F05-4923-88D9-0D6619568C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C4A5D3CC-282D-484F-99E3-5D087F759C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "8799CB21-5F98-4368-A1BC-2746438757CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B4315F2E-5272-4D09-80AF-A65AE52E37CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9CCD4355-CE24-4F14-A348-BB76470E4DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "79D7994A-ABDF-4F02-841D-B082917CA9F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7B33EFE6-68BB-46FD-834D-B767641E1AC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "71FFFD6C-1243-480F-874E-3548EED2D471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "76906A3F-9A22-453F-BCCF-35C248E6788C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E7A176BB-A188-44A9-9E52-D385B13D328F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DF881FCD-8E4C-47AC-ABED-05F805D3DED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "06C3E2C7-C113-4224-8F4F-3BDD3B800B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F376D1B3-5801-4BC3-B060-39DC928A9838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "0ACC7FBF-34A3-4A95-A7B0-396AB194976A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "AA8408AC-5380-4C77-BA49-C236F0CBB51F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de suplantaci\u00f3n de identidad cuando el Core de ASP.NET no puede sanear apropiadamente las peticiones web."
    }
  ],
  "id": "CVE-2017-0256",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-12T14:29:04.457",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aspnet/Announcements/issues/239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aspnet/Announcements/issues/239"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-0249

Vulnerability from fkie_nvd - Published: 2017-05-12 14:29 - Updated: 2025-04-20 01:37

Severity ?

7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

References

	URL	Tags
	secure@microsoft.com	https://github.com/aspnet/Announcements/issues/239	Technical Description, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/aspnet/Announcements/issues/239	Technical Description, Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	asp.net_model_view_controller	1.0.0
microsoft	asp.net_model_view_controller	1.0.1
microsoft	asp.net_model_view_controller	1.0.2
microsoft	asp.net_model_view_controller	1.0.3
microsoft	asp.net_model_view_controller	1.1.0
microsoft	asp.net_model_view_controller	1.1.1
microsoft	asp.net_model_view_controller	1.1.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.3
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.3
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.0
microsoft	microsoft.aspnetcore.mvc.cors	1.0.1
microsoft	microsoft.aspnetcore.mvc.cors	1.0.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.3
microsoft	microsoft.aspnetcore.mvc.cors	1.1.0
microsoft	microsoft.aspnetcore.mvc.cors	1.1.1
microsoft	microsoft.aspnetcore.mvc.cors	1.1.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.3
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.0
microsoft	microsoft.aspnetcore.mvc.localization	1.0.1
microsoft	microsoft.aspnetcore.mvc.localization	1.0.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.3
microsoft	microsoft.aspnetcore.mvc.localization	1.1.0
microsoft	microsoft.aspnetcore.mvc.localization	1.1.1
microsoft	microsoft.aspnetcore.mvc.localization	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.3
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.3
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.3
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.2
microsoft	system.net.http	4.1.1
microsoft	system.net.http	4.3.1
microsoft	system.net.http.winhttphandler	4.0.1
microsoft	system.net.http.winhttphandler	4.3.0
microsoft	system.net.security	4.0.0
microsoft	system.net.security	4.3.0
microsoft	system.net.websockets.client	4.0.0
microsoft	system.net.websockets.client	4.3.0
microsoft	system.text.encodings.web	4.0.0
microsoft	system.text.encodings.web	4.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D49ACA-0755-425C-9162-8D40D7AADDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB52597-3458-4816-8432-7948CA21B8C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86207D1B-AE1B-4826-B07A-75815A5ED06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96E6585-EA7C-47A7-B6EF-9926758E90DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "292C4DAD-1CBB-41DF-9E45-F8D594C03097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BC76DD26-1A09-419D-9156-16042FF7D508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2A701C76-6AC7-4230-B0C5-9CD91010349C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "6E801676-656E-43F6-8C4E-EE0BD5EAF23E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DE818227-C9F3-49BA-80D1-FA49FA46B8BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B7E8D173-9F85-4796-8A97-A77A531A3C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "893BD886-23DC-41E9-9DD1-C367F1638CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2F9CCC49-348F-44A3-8412-17B689B0B0B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "40ACE580-63FC-44A6-A1A3-19113BCF96B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3A31726B-E001-4568-9538-150C438D4D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "22473819-A864-4568-BB4F-B1B61D6BE768",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "25F6E532-9282-4444-BE83-1D4254B78E98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3D3B725F-E01E-4B44-B6FE-D384CB081880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "CD9CA7E6-4622-48CE-87DD-43850E6A3D94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9F0BE208-E908-4D55-ABC0-01899A7BCF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BEB9143D-39A5-4A1A-8CF6-50A234476914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "784D8767-E542-4BEA-AC04-190EB86ACE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B051C0F9-2D90-4F21-A4A3-49E52E4580F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "24849B2C-4475-4F63-99F8-D63AC7455AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E53251EE-7C63-4597-817D-E0E046D45E7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C4B607A3-3637-4785-A7FA-074B370B57A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "10769FE6-90C1-41EF-B59C-2DF602798AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9F2FF0F8-0447-442F-99C7-AAE364942263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "82A352B2-00B5-40EB-A053-3871999FF549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "1CBD8554-F155-4265-9ABA-27F2CFDB6645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "1D0612F5-8621-4FEB-B84D-6116CD92C671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "D917236C-B53D-454C-9FCD-4D0F48849C8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "32B849F2-CD4B-45DB-86DD-77248ED82C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "5A08EDE3-035D-4A4F-AF2A-FDFC02264841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "28A15818-8AB8-4253-9D82-D968B05D4416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C59BDECB-3184-4BE3-91B5-4703170D6E72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F861A072-D917-4BF5-99D3-3C9AD99A70EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "79F08C0E-5A28-4A8D-9987-CC273A38CDB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F8A9187E-AAF3-4186-9014-13D304463F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "19022A88-C140-4C64-8BAD-43CE0E448D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "36170C72-162C-44F1-8291-DCF12AAC3D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "97E0DE96-A8CA-4395-8955-3223754A7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "95D892B0-08CD-479B-8DBA-2E296A2139EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "16E5978D-49B7-4948-A57F-D0903CC2726B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "175E800A-6295-4EDD-AD76-AED50C4ED29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DD429092-758C-40E2-9B62-552062DE5C99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4B124905-C4EB-4943-BF9D-97DD9C63C773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F1382D94-3442-4770-99BC-A803DB7D99CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "72682900-3DEA-43E8-9E60-04D8AA575353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2614708B-D88A-45D1-989A-EC1F18B2ECF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "48101840-E58F-4E2D-BA2D-8D07F76E1EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "56285B40-74FB-4AE4-9998-09D3CC2FA76B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4322AC03-A133-4778-A2F1-AD509764BB00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E4779EAE-28C3-454F-853C-45D7A4B264BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "34EB1A01-873A-4395-84D9-B048E2E12A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "389FB05C-C41F-4162-B868-472A6FEE18BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "944C87F4-591A-46A3-A6BE-68CF070D2557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "6A5CA6EF-184A-4D35-A430-8D708041C139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7264CABF-8603-445F-8728-A53575239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "776B722D-0DA6-4994-9323-06165E562489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "77A16675-CD3A-427B-888E-B1D8A51189AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B28A24AD-C225-45B3-8156-5A8107A7073C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "22B75008-7F05-4923-88D9-0D6619568C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C4A5D3CC-282D-484F-99E3-5D087F759C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "8799CB21-5F98-4368-A1BC-2746438757CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B4315F2E-5272-4D09-80AF-A65AE52E37CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9CCD4355-CE24-4F14-A348-BB76470E4DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "79D7994A-ABDF-4F02-841D-B082917CA9F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7B33EFE6-68BB-46FD-834D-B767641E1AC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "71FFFD6C-1243-480F-874E-3548EED2D471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "76906A3F-9A22-453F-BCCF-35C248E6788C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E7A176BB-A188-44A9-9E52-D385B13D328F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DF881FCD-8E4C-47AC-ABED-05F805D3DED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "06C3E2C7-C113-4224-8F4F-3BDD3B800B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F376D1B3-5801-4BC3-B060-39DC928A9838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "0ACC7FBF-34A3-4A95-A7B0-396AB194976A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "AA8408AC-5380-4C77-BA49-C236F0CBB51F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando el ASP.NET Core falla al desinfectar adecuadamente las solicitudes web."
    }
  ],
  "id": "CVE-2017-0249",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-12T14:29:04.003",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aspnet/Announcements/issues/239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aspnet/Announcements/issues/239"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-0247

Vulnerability from fkie_nvd - Published: 2017-05-12 14:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

References

URL	Tags
secure@microsoft.com	https://github.com/aspnet/Announcements/issues/239	Technical Description, Third Party Advisory
secure@microsoft.com	https://technet.microsoft.com/en-us/library/security/4021279.aspx	Patch, Vendor Advisory
secure@microsoft.com	https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/aspnet/Announcements/issues/239	Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://technet.microsoft.com/en-us/library/security/4021279.aspx	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	asp.net_model_view_controller	1.0.0
microsoft	asp.net_model_view_controller	1.0.1
microsoft	asp.net_model_view_controller	1.0.2
microsoft	asp.net_model_view_controller	1.0.3
microsoft	asp.net_model_view_controller	1.1.0
microsoft	asp.net_model_view_controller	1.1.1
microsoft	asp.net_model_view_controller	1.1.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.3
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.3
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.0
microsoft	microsoft.aspnetcore.mvc.cors	1.0.1
microsoft	microsoft.aspnetcore.mvc.cors	1.0.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.3
microsoft	microsoft.aspnetcore.mvc.cors	1.1.0
microsoft	microsoft.aspnetcore.mvc.cors	1.1.1
microsoft	microsoft.aspnetcore.mvc.cors	1.1.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.3
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.0
microsoft	microsoft.aspnetcore.mvc.localization	1.0.1
microsoft	microsoft.aspnetcore.mvc.localization	1.0.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.3
microsoft	microsoft.aspnetcore.mvc.localization	1.1.0
microsoft	microsoft.aspnetcore.mvc.localization	1.1.1
microsoft	microsoft.aspnetcore.mvc.localization	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.3
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.3
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.3
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.2
microsoft	system.net.http	4.1.1
microsoft	system.net.http	4.3.1
microsoft	system.net.http.winhttphandler	4.0.1
microsoft	system.net.http.winhttphandler	4.3.0
microsoft	system.net.security	4.0.0
microsoft	system.net.security	4.3.0
microsoft	system.net.websockets.client	4.0.0
microsoft	system.net.websockets.client	4.3.0
microsoft	system.text.encodings.web	4.0.0
microsoft	system.text.encodings.web	4.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D49ACA-0755-425C-9162-8D40D7AADDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB52597-3458-4816-8432-7948CA21B8C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86207D1B-AE1B-4826-B07A-75815A5ED06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96E6585-EA7C-47A7-B6EF-9926758E90DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "292C4DAD-1CBB-41DF-9E45-F8D594C03097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BC76DD26-1A09-419D-9156-16042FF7D508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2A701C76-6AC7-4230-B0C5-9CD91010349C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "6E801676-656E-43F6-8C4E-EE0BD5EAF23E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DE818227-C9F3-49BA-80D1-FA49FA46B8BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B7E8D173-9F85-4796-8A97-A77A531A3C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "893BD886-23DC-41E9-9DD1-C367F1638CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2F9CCC49-348F-44A3-8412-17B689B0B0B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "40ACE580-63FC-44A6-A1A3-19113BCF96B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3A31726B-E001-4568-9538-150C438D4D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "22473819-A864-4568-BB4F-B1B61D6BE768",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "25F6E532-9282-4444-BE83-1D4254B78E98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3D3B725F-E01E-4B44-B6FE-D384CB081880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "CD9CA7E6-4622-48CE-87DD-43850E6A3D94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9F0BE208-E908-4D55-ABC0-01899A7BCF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BEB9143D-39A5-4A1A-8CF6-50A234476914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "784D8767-E542-4BEA-AC04-190EB86ACE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B051C0F9-2D90-4F21-A4A3-49E52E4580F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "24849B2C-4475-4F63-99F8-D63AC7455AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E53251EE-7C63-4597-817D-E0E046D45E7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C4B607A3-3637-4785-A7FA-074B370B57A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "10769FE6-90C1-41EF-B59C-2DF602798AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9F2FF0F8-0447-442F-99C7-AAE364942263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "82A352B2-00B5-40EB-A053-3871999FF549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "1CBD8554-F155-4265-9ABA-27F2CFDB6645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "1D0612F5-8621-4FEB-B84D-6116CD92C671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "D917236C-B53D-454C-9FCD-4D0F48849C8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "32B849F2-CD4B-45DB-86DD-77248ED82C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "5A08EDE3-035D-4A4F-AF2A-FDFC02264841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "28A15818-8AB8-4253-9D82-D968B05D4416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C59BDECB-3184-4BE3-91B5-4703170D6E72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F861A072-D917-4BF5-99D3-3C9AD99A70EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "79F08C0E-5A28-4A8D-9987-CC273A38CDB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F8A9187E-AAF3-4186-9014-13D304463F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "19022A88-C140-4C64-8BAD-43CE0E448D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "36170C72-162C-44F1-8291-DCF12AAC3D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "97E0DE96-A8CA-4395-8955-3223754A7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "95D892B0-08CD-479B-8DBA-2E296A2139EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "16E5978D-49B7-4948-A57F-D0903CC2726B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "175E800A-6295-4EDD-AD76-AED50C4ED29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DD429092-758C-40E2-9B62-552062DE5C99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4B124905-C4EB-4943-BF9D-97DD9C63C773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F1382D94-3442-4770-99BC-A803DB7D99CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "72682900-3DEA-43E8-9E60-04D8AA575353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2614708B-D88A-45D1-989A-EC1F18B2ECF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "48101840-E58F-4E2D-BA2D-8D07F76E1EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "56285B40-74FB-4AE4-9998-09D3CC2FA76B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4322AC03-A133-4778-A2F1-AD509764BB00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E4779EAE-28C3-454F-853C-45D7A4B264BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "34EB1A01-873A-4395-84D9-B048E2E12A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "389FB05C-C41F-4162-B868-472A6FEE18BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "944C87F4-591A-46A3-A6BE-68CF070D2557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "6A5CA6EF-184A-4D35-A430-8D708041C139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7264CABF-8603-445F-8728-A53575239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "776B722D-0DA6-4994-9323-06165E562489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "77A16675-CD3A-427B-888E-B1D8A51189AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B28A24AD-C225-45B3-8156-5A8107A7073C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "22B75008-7F05-4923-88D9-0D6619568C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C4A5D3CC-282D-484F-99E3-5D087F759C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "8799CB21-5F98-4368-A1BC-2746438757CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B4315F2E-5272-4D09-80AF-A65AE52E37CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9CCD4355-CE24-4F14-A348-BB76470E4DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "79D7994A-ABDF-4F02-841D-B082917CA9F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7B33EFE6-68BB-46FD-834D-B767641E1AC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "71FFFD6C-1243-480F-874E-3548EED2D471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "76906A3F-9A22-453F-BCCF-35C248E6788C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E7A176BB-A188-44A9-9E52-D385B13D328F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DF881FCD-8E4C-47AC-ABED-05F805D3DED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "06C3E2C7-C113-4224-8F4F-3BDD3B800B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F376D1B3-5801-4BC3-B060-39DC928A9838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "0ACC7FBF-34A3-4A95-A7B0-396AB194976A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "AA8408AC-5380-4C77-BA49-C236F0CBB51F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio cuando el Core de ASP.NET no puede comprobar apropiadamente las peticiones web. NOTA: Microsoft no ha comentado en reclamos de terceros de que el problema es que la funci\u00f3n TextEncoder.EncodeCore en el paquete System.Text.Encodings.Web en ASP.NET Core Mvc versiones anteriores a 1.0.4 y versiones 1.1.x anteriores a  1.1.3 permite a los atacantes remotos causar una denegaci\u00f3n de servicio aprovechando un fallo en calcular apropiadamente la longitud de los caracteres de 4 bytes en el rango sin car\u00e1cter Unicode."
    }
  ],
  "id": "CVE-2017-0247",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-12T14:29:03.910",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aspnet/Announcements/issues/239"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aspnet/Announcements/issues/239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-4075

Vulnerability from fkie_nvd - Published: 2014-10-15 10:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."

References

URL	Tags
secure@microsoft.com	http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx	Vendor Advisory
secure@microsoft.com	http://secunia.com/advisories/60971
secure@microsoft.com	http://www.securityfocus.com/bid/70352
secure@microsoft.com	http://www.securitytracker.com/id/1031023
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60971
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/70352
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031023
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059

Impacted products

Vendor	Product	Version
microsoft	asp.net_model_view_controller	2.0
microsoft	asp.net_model_view_controller	3.0
microsoft	asp.net_model_view_controller	4.0
microsoft	asp.net_model_view_controller	5.0
microsoft	asp.net_model_view_controller	5.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA75510-B600-4420-8D3F-CB6E855F799F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50FEF925-7678-47DD-983C-AE130A241046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E84E77D3-7E27-4C3C-85BC-F61BCA9F30F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F87CECA-F050-4B1F-9B67-C3C107329D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6FBFC7B-07B7-42A9-B2B9-90699AD43001",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka \"MVC XSS Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en System.Web.Mvc.dll en Microsoft ASP.NET Model View Controller (MVC) 2.0 hasta 5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una p\u00e1gina web manipulada, tambi\u00e9n conocido como \u0027vulnerabilidad de XSS de MVC.\u0027"
    }
  ],
  "id": "CVE-2014-4075",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-10-15T10:55:07.427",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/60971"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/70352"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1031023"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/70352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2018-8171 (GCVE-0-2018-8171)

Vulnerability from cvelistv5 – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:46

Summary

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

Severity ?

No CVSS data available.

CWE

Security Feature Bypass

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id/1041267	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/104659	vdb-entryx_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Microsoft

ASP.NET

Affected: Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5
Affected: Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3

	Microsoft	ASP.NET Core	Affected: 1.0 Affected: 1.1 Affected: 2.0
	Microsoft	ASP.NET MVC 5.2	Affected: Microsoft Visual Studio 2013 Update 5 Affected: Microsoft Visual Studio 2015 Update 3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041267",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041267"
          },
          {
            "name": "104659",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104659"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
            },
            {
              "status": "affected",
              "version": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
            }
          ]
        },
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "ASP.NET MVC 5.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Visual Studio 2013 Update 5"
            },
            {
              "status": "affected",
              "version": "Microsoft Visual Studio 2015 Update 3"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1041267",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041267"
        },
        {
          "name": "104659",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104659"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
                          },
                          {
                            "version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0"
                          },
                          {
                            "version_value": "1.1"
                          },
                          {
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ASP.NET MVC 5.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Visual Studio 2013 Update 5"
                          },
                          {
                            "version_value": "Microsoft Visual Studio 2015 Update 3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Feature Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041267",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041267"
            },
            {
              "name": "104659",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104659"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8171",
    "datePublished": "2018-07-11T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:46:13.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0247 (GCVE-0-2017-0247)

Vulnerability from cvelistv5 – Published: 2017-05-12 14:00 – Updated: 2024-08-05 12:55

Summary

A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

Severity ?

No CVSS data available.

CWE

Denial of Service

Assigner

microsoft

References

URL

Tags

	https://technet.microsoft.com/en-us/library/secur…	x_refsource_CONFIRM
	https://github.com/aspnet/Announcements/issues/239	x_refsource_MISC
	https://www.sidertia.com/Home/Community/Blog/2017…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	ASP.NET Core	Affected: ASP.NET Core

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:55:19.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/aspnet/Announcements/issues/239"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ASP.NET Core"
            }
          ]
        }
      ],
      "datePublic": "2017-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-25T18:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aspnet/Announcements/issues/239"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-0247",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ASP.NET Core"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://technet.microsoft.com/en-us/library/security/4021279.aspx",
              "refsource": "CONFIRM",
              "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
            },
            {
              "name": "https://github.com/aspnet/Announcements/issues/239",
              "refsource": "MISC",
              "url": "https://github.com/aspnet/Announcements/issues/239"
            },
            {
              "name": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS",
              "refsource": "MISC",
              "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-0247",
    "datePublished": "2017-05-12T14:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-05T12:55:19.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0249 (GCVE-0-2017-0249)

Vulnerability from cvelistv5 – Published: 2017-05-12 14:00 – Updated: 2024-08-05 12:55

Summary

An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

Severity ?

No CVSS data available.

CWE

Elevation of Privilege

Assigner

microsoft

References

URL

Tags

https://github.com/aspnet/Announcements/issues/239

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	ASP.NET Core	Affected: ASP.NET Core

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:55:19.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/aspnet/Announcements/issues/239"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ASP.NET Core"
            }
          ]
        }
      ],
      "datePublic": "2017-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-12T13:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aspnet/Announcements/issues/239"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-0249",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ASP.NET Core"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aspnet/Announcements/issues/239",
              "refsource": "MISC",
              "url": "https://github.com/aspnet/Announcements/issues/239"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-0249",
    "datePublished": "2017-05-12T14:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-05T12:55:19.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0256 (GCVE-0-2017-0256)

Vulnerability from cvelistv5 – Published: 2017-05-12 14:00 – Updated: 2024-08-05 12:55

Summary

A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

Severity ?

No CVSS data available.

CWE

Spoofing

Assigner

microsoft

References

URL

Tags

https://github.com/aspnet/Announcements/issues/239

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	ASP.NET Core	Affected: ASP.NET Core

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:55:19.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/aspnet/Announcements/issues/239"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ASP.NET Core"
            }
          ]
        }
      ],
      "datePublic": "2017-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-12T13:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aspnet/Announcements/issues/239"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-0256",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ASP.NET Core"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aspnet/Announcements/issues/239",
              "refsource": "MISC",
              "url": "https://github.com/aspnet/Announcements/issues/239"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-0256",
    "datePublished": "2017-05-12T14:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-05T12:55:19.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-4075 (GCVE-0-2014-4075)

Vulnerability from cvelistv5 – Published: 2014-10-15 10:00 – Updated: 2024-08-06 11:04

Summary

Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."

Severity ?

No CVSS data available.

CWE

n/a

Assigner

microsoft

References

URL

Tags

	http://blogs.technet.com/b/srd/archive/2014/10/14…	x_refsource_CONFIRM
	http://secunia.com/advisories/60971	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id/1031023	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/bid/70352	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:04:27.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
          },
          {
            "name": "60971",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60971"
          },
          {
            "name": "1031023",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031023"
          },
          {
            "name": "MS14-059",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
          },
          {
            "name": "70352",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70352"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka \"MVC XSS Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
        },
        {
          "name": "60971",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60971"
        },
        {
          "name": "1031023",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031023"
        },
        {
          "name": "MS14-059",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
        },
        {
          "name": "70352",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70352"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2014-4075",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka \"MVC XSS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
            },
            {
              "name": "60971",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60971"
            },
            {
              "name": "1031023",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031023"
            },
            {
              "name": "MS14-059",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
            },
            {
              "name": "70352",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70352"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2014-4075",
    "datePublished": "2014-10-15T10:00:00",
    "dateReserved": "2014-06-12T00:00:00",
    "dateUpdated": "2024-08-06T11:04:27.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-8171 (GCVE-0-2018-8171)

Vulnerability from nvd – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:46

Summary

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

Severity ?

No CVSS data available.

CWE

Security Feature Bypass

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id/1041267	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/104659	vdb-entryx_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Microsoft

ASP.NET

Affected: Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5
Affected: Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3

	Microsoft	ASP.NET Core	Affected: 1.0 Affected: 1.1 Affected: 2.0
	Microsoft	ASP.NET MVC 5.2	Affected: Microsoft Visual Studio 2013 Update 5 Affected: Microsoft Visual Studio 2015 Update 3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041267",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041267"
          },
          {
            "name": "104659",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104659"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
            },
            {
              "status": "affected",
              "version": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
            }
          ]
        },
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "ASP.NET MVC 5.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Visual Studio 2013 Update 5"
            },
            {
              "status": "affected",
              "version": "Microsoft Visual Studio 2015 Update 3"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1041267",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041267"
        },
        {
          "name": "104659",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104659"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
                          },
                          {
                            "version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0"
                          },
                          {
                            "version_value": "1.1"
                          },
                          {
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ASP.NET MVC 5.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Visual Studio 2013 Update 5"
                          },
                          {
                            "version_value": "Microsoft Visual Studio 2015 Update 3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Feature Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041267",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041267"
            },
            {
              "name": "104659",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104659"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8171",
    "datePublished": "2018-07-11T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:46:13.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0247 (GCVE-0-2017-0247)

Vulnerability from nvd – Published: 2017-05-12 14:00 – Updated: 2024-08-05 12:55

Summary

A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

Severity ?

No CVSS data available.

CWE

Denial of Service

Assigner

microsoft

References

URL

Tags

	https://technet.microsoft.com/en-us/library/secur…	x_refsource_CONFIRM
	https://github.com/aspnet/Announcements/issues/239	x_refsource_MISC
	https://www.sidertia.com/Home/Community/Blog/2017…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	ASP.NET Core	Affected: ASP.NET Core

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:55:19.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/aspnet/Announcements/issues/239"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ASP.NET Core"
            }
          ]
        }
      ],
      "datePublic": "2017-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-25T18:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aspnet/Announcements/issues/239"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-0247",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ASP.NET Core"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://technet.microsoft.com/en-us/library/security/4021279.aspx",
              "refsource": "CONFIRM",
              "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
            },
            {
              "name": "https://github.com/aspnet/Announcements/issues/239",
              "refsource": "MISC",
              "url": "https://github.com/aspnet/Announcements/issues/239"
            },
            {
              "name": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS",
              "refsource": "MISC",
              "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-0247",
    "datePublished": "2017-05-12T14:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-05T12:55:19.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0249 (GCVE-0-2017-0249)

Vulnerability from nvd – Published: 2017-05-12 14:00 – Updated: 2024-08-05 12:55

Summary

An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

Severity ?

No CVSS data available.

CWE

Elevation of Privilege

Assigner

microsoft

References

URL

Tags

https://github.com/aspnet/Announcements/issues/239

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	ASP.NET Core	Affected: ASP.NET Core

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:55:19.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/aspnet/Announcements/issues/239"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ASP.NET Core"
            }
          ]
        }
      ],
      "datePublic": "2017-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-12T13:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aspnet/Announcements/issues/239"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-0249",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ASP.NET Core"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aspnet/Announcements/issues/239",
              "refsource": "MISC",
              "url": "https://github.com/aspnet/Announcements/issues/239"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-0249",
    "datePublished": "2017-05-12T14:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-05T12:55:19.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-0256 (GCVE-0-2017-0256)

Vulnerability from nvd – Published: 2017-05-12 14:00 – Updated: 2024-08-05 12:55

Summary

A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

Severity ?

No CVSS data available.

CWE

Spoofing

Assigner

microsoft

References

URL

Tags

https://github.com/aspnet/Announcements/issues/239

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Microsoft Corporation	ASP.NET Core	Affected: ASP.NET Core

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:55:19.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/aspnet/Announcements/issues/239"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ASP.NET Core"
            }
          ]
        }
      ],
      "datePublic": "2017-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-12T13:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aspnet/Announcements/issues/239"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-0256",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ASP.NET Core"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aspnet/Announcements/issues/239",
              "refsource": "MISC",
              "url": "https://github.com/aspnet/Announcements/issues/239"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-0256",
    "datePublished": "2017-05-12T14:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-05T12:55:19.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-4075 (GCVE-0-2014-4075)

Vulnerability from nvd – Published: 2014-10-15 10:00 – Updated: 2024-08-06 11:04

Summary

Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."

Severity ?

No CVSS data available.

CWE

n/a

Assigner

microsoft

References

URL

Tags

	http://blogs.technet.com/b/srd/archive/2014/10/14…	x_refsource_CONFIRM
	http://secunia.com/advisories/60971	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id/1031023	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/bid/70352	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:04:27.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
          },
          {
            "name": "60971",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60971"
          },
          {
            "name": "1031023",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031023"
          },
          {
            "name": "MS14-059",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
          },
          {
            "name": "70352",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70352"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka \"MVC XSS Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
        },
        {
          "name": "60971",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60971"
        },
        {
          "name": "1031023",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031023"
        },
        {
          "name": "MS14-059",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
        },
        {
          "name": "70352",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70352"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2014-4075",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka \"MVC XSS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
            },
            {
              "name": "60971",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60971"
            },
            {
              "name": "1031023",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031023"
            },
            {
              "name": "MS14-059",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
            },
            {
              "name": "70352",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70352"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2014-4075",
    "datePublished": "2014-10-15T10:00:00",
    "dateReserved": "2014-06-12T00:00:00",
    "dateUpdated": "2024-08-06T11:04:27.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

15 vulnerabilities found for asp.net_model_view_controller by microsoft

FKIE_CVE-2018-8171

FKIE_CVE-2017-0256

FKIE_CVE-2017-0249

FKIE_CVE-2017-0247

FKIE_CVE-2014-4075

CVE-2018-8171 (GCVE-0-2018-8171)

CVE-2017-0247 (GCVE-0-2017-0247)

CVE-2017-0249 (GCVE-0-2017-0249)

CVE-2017-0256 (GCVE-0-2017-0256)

CVE-2014-4075 (GCVE-0-2014-4075)

CVE-2018-8171 (GCVE-0-2018-8171)

CVE-2017-0247 (GCVE-0-2017-0247)

CVE-2017-0249 (GCVE-0-2017-0249)

CVE-2017-0256 (GCVE-0-2017-0256)

CVE-2014-4075 (GCVE-0-2014-4075)