Vulnerability-Lookup - Search a vulnerability

cve-2017-0249

Vulnerability from cvelistv5

Published

2017-05-12 14:00

Modified

2024-08-05 12:55

Severity ?

Summary

An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

References

▼	URL	Tags
	https://github.com/aspnet/Announcements/issues/239	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Microsoft Corporation

ASP.NET Core

Version: ASP.NET Core

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:55:19.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/aspnet/Announcements/issues/239"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ASP.NET Core"
            }
          ]
        }
      ],
      "datePublic": "2017-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-12T13:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aspnet/Announcements/issues/239"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-0249",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ASP.NET Core"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aspnet/Announcements/issues/239",
              "refsource": "MISC",
              "url": "https://github.com/aspnet/Announcements/issues/239"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-0249",
    "datePublished": "2017-05-12T14:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-05T12:55:19.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-0247

Vulnerability from cvelistv5

Published

2017-05-12 14:00

Modified

2024-08-05 12:55

Severity ?

Summary

A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

References

▼	URL	Tags
	https://technet.microsoft.com/en-us/library/security/4021279.aspx	x_refsource_CONFIRM
	https://github.com/aspnet/Announcements/issues/239	x_refsource_MISC
	https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Microsoft Corporation

ASP.NET Core

Version: ASP.NET Core

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:55:19.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/aspnet/Announcements/issues/239"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ASP.NET Core"
            }
          ]
        }
      ],
      "datePublic": "2017-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-25T18:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aspnet/Announcements/issues/239"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-0247",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ASP.NET Core"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://technet.microsoft.com/en-us/library/security/4021279.aspx",
              "refsource": "CONFIRM",
              "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
            },
            {
              "name": "https://github.com/aspnet/Announcements/issues/239",
              "refsource": "MISC",
              "url": "https://github.com/aspnet/Announcements/issues/239"
            },
            {
              "name": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS",
              "refsource": "MISC",
              "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-0247",
    "datePublished": "2017-05-12T14:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-05T12:55:19.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-0256

Vulnerability from cvelistv5

Published

2017-05-12 14:00

Modified

2024-08-05 12:55

Severity ?

Summary

A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

References

▼	URL	Tags
	https://github.com/aspnet/Announcements/issues/239	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Microsoft Corporation

ASP.NET Core

Version: ASP.NET Core

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:55:19.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/aspnet/Announcements/issues/239"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ASP.NET Core"
            }
          ]
        }
      ],
      "datePublic": "2017-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-12T13:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aspnet/Announcements/issues/239"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-0256",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ASP.NET Core"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aspnet/Announcements/issues/239",
              "refsource": "MISC",
              "url": "https://github.com/aspnet/Announcements/issues/239"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-0256",
    "datePublished": "2017-05-12T14:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-05T12:55:19.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-4075

Vulnerability from cvelistv5

Published

2014-10-15 10:00

Modified

2024-08-06 11:04

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."

References

▼	URL	Tags
	http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx	x_refsource_CONFIRM
	http://secunia.com/advisories/60971	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id/1031023	vdb-entry, x_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059	vendor-advisory, x_refsource_MS
	http://www.securityfocus.com/bid/70352	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:04:27.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
          },
          {
            "name": "60971",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60971"
          },
          {
            "name": "1031023",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031023"
          },
          {
            "name": "MS14-059",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
          },
          {
            "name": "70352",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70352"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka \"MVC XSS Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
        },
        {
          "name": "60971",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60971"
        },
        {
          "name": "1031023",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031023"
        },
        {
          "name": "MS14-059",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
        },
        {
          "name": "70352",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70352"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2014-4075",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka \"MVC XSS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
            },
            {
              "name": "60971",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60971"
            },
            {
              "name": "1031023",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031023"
            },
            {
              "name": "MS14-059",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
            },
            {
              "name": "70352",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70352"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2014-4075",
    "datePublished": "2014-10-15T10:00:00",
    "dateReserved": "2014-06-12T00:00:00",
    "dateUpdated": "2024-08-06T11:04:27.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-8171

Vulnerability from cvelistv5

Published

2018-07-11 00:00

Modified

2024-08-05 06:46

Severity ?

Summary

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1041267	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/104659	vdb-entry, x_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Microsoft

ASP.NET

Version: Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5
Version: Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3

	Microsoft	ASP.NET Core	Version: 1.0 Version: 1.1 Version: 2.0
	Microsoft	ASP.NET MVC 5.2	Version: Microsoft Visual Studio 2013 Update 5 Version: Microsoft Visual Studio 2015 Update 3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041267",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041267"
          },
          {
            "name": "104659",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104659"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
            },
            {
              "status": "affected",
              "version": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
            }
          ]
        },
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "ASP.NET MVC 5.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Visual Studio 2013 Update 5"
            },
            {
              "status": "affected",
              "version": "Microsoft Visual Studio 2015 Update 3"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1041267",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041267"
        },
        {
          "name": "104659",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104659"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
                          },
                          {
                            "version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0"
                          },
                          {
                            "version_value": "1.1"
                          },
                          {
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ASP.NET MVC 5.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Visual Studio 2013 Update 5"
                          },
                          {
                            "version_value": "Microsoft Visual Studio 2015 Update 3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Feature Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041267",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041267"
            },
            {
              "name": "104659",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104659"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8171",
    "datePublished": "2018-07-11T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:46:13.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd

Published

2017-05-12 14:29

Modified

2024-11-21 03:02

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

References

▼	URL	Tags
	secure@microsoft.com	https://github.com/aspnet/Announcements/issues/239	Technical Description, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/aspnet/Announcements/issues/239	Technical Description, Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	asp.net_model_view_controller	1.0.0
microsoft	asp.net_model_view_controller	1.0.1
microsoft	asp.net_model_view_controller	1.0.2
microsoft	asp.net_model_view_controller	1.0.3
microsoft	asp.net_model_view_controller	1.1.0
microsoft	asp.net_model_view_controller	1.1.1
microsoft	asp.net_model_view_controller	1.1.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.3
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.3
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.0
microsoft	microsoft.aspnetcore.mvc.cors	1.0.1
microsoft	microsoft.aspnetcore.mvc.cors	1.0.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.3
microsoft	microsoft.aspnetcore.mvc.cors	1.1.0
microsoft	microsoft.aspnetcore.mvc.cors	1.1.1
microsoft	microsoft.aspnetcore.mvc.cors	1.1.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.3
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.0
microsoft	microsoft.aspnetcore.mvc.localization	1.0.1
microsoft	microsoft.aspnetcore.mvc.localization	1.0.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.3
microsoft	microsoft.aspnetcore.mvc.localization	1.1.0
microsoft	microsoft.aspnetcore.mvc.localization	1.1.1
microsoft	microsoft.aspnetcore.mvc.localization	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.3
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.3
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.3
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.2
microsoft	system.net.http	4.1.1
microsoft	system.net.http	4.3.1
microsoft	system.net.http.winhttphandler	4.0.1
microsoft	system.net.http.winhttphandler	4.3.0
microsoft	system.net.security	4.0.0
microsoft	system.net.security	4.3.0
microsoft	system.net.websockets.client	4.0.0
microsoft	system.net.websockets.client	4.3.0
microsoft	system.text.encodings.web	4.0.0
microsoft	system.text.encodings.web	4.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D49ACA-0755-425C-9162-8D40D7AADDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB52597-3458-4816-8432-7948CA21B8C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86207D1B-AE1B-4826-B07A-75815A5ED06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96E6585-EA7C-47A7-B6EF-9926758E90DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "292C4DAD-1CBB-41DF-9E45-F8D594C03097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BC76DD26-1A09-419D-9156-16042FF7D508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2A701C76-6AC7-4230-B0C5-9CD91010349C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "6E801676-656E-43F6-8C4E-EE0BD5EAF23E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DE818227-C9F3-49BA-80D1-FA49FA46B8BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B7E8D173-9F85-4796-8A97-A77A531A3C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "893BD886-23DC-41E9-9DD1-C367F1638CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2F9CCC49-348F-44A3-8412-17B689B0B0B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "40ACE580-63FC-44A6-A1A3-19113BCF96B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3A31726B-E001-4568-9538-150C438D4D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "22473819-A864-4568-BB4F-B1B61D6BE768",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "25F6E532-9282-4444-BE83-1D4254B78E98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3D3B725F-E01E-4B44-B6FE-D384CB081880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "CD9CA7E6-4622-48CE-87DD-43850E6A3D94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9F0BE208-E908-4D55-ABC0-01899A7BCF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BEB9143D-39A5-4A1A-8CF6-50A234476914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "784D8767-E542-4BEA-AC04-190EB86ACE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B051C0F9-2D90-4F21-A4A3-49E52E4580F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "24849B2C-4475-4F63-99F8-D63AC7455AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E53251EE-7C63-4597-817D-E0E046D45E7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C4B607A3-3637-4785-A7FA-074B370B57A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "10769FE6-90C1-41EF-B59C-2DF602798AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9F2FF0F8-0447-442F-99C7-AAE364942263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "82A352B2-00B5-40EB-A053-3871999FF549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "1CBD8554-F155-4265-9ABA-27F2CFDB6645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "1D0612F5-8621-4FEB-B84D-6116CD92C671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "D917236C-B53D-454C-9FCD-4D0F48849C8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "32B849F2-CD4B-45DB-86DD-77248ED82C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "5A08EDE3-035D-4A4F-AF2A-FDFC02264841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "28A15818-8AB8-4253-9D82-D968B05D4416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C59BDECB-3184-4BE3-91B5-4703170D6E72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F861A072-D917-4BF5-99D3-3C9AD99A70EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "79F08C0E-5A28-4A8D-9987-CC273A38CDB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F8A9187E-AAF3-4186-9014-13D304463F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "19022A88-C140-4C64-8BAD-43CE0E448D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "36170C72-162C-44F1-8291-DCF12AAC3D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "97E0DE96-A8CA-4395-8955-3223754A7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "95D892B0-08CD-479B-8DBA-2E296A2139EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "16E5978D-49B7-4948-A57F-D0903CC2726B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "175E800A-6295-4EDD-AD76-AED50C4ED29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DD429092-758C-40E2-9B62-552062DE5C99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4B124905-C4EB-4943-BF9D-97DD9C63C773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F1382D94-3442-4770-99BC-A803DB7D99CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "72682900-3DEA-43E8-9E60-04D8AA575353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2614708B-D88A-45D1-989A-EC1F18B2ECF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "48101840-E58F-4E2D-BA2D-8D07F76E1EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "56285B40-74FB-4AE4-9998-09D3CC2FA76B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4322AC03-A133-4778-A2F1-AD509764BB00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E4779EAE-28C3-454F-853C-45D7A4B264BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "34EB1A01-873A-4395-84D9-B048E2E12A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "389FB05C-C41F-4162-B868-472A6FEE18BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "944C87F4-591A-46A3-A6BE-68CF070D2557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "6A5CA6EF-184A-4D35-A430-8D708041C139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7264CABF-8603-445F-8728-A53575239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "776B722D-0DA6-4994-9323-06165E562489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "77A16675-CD3A-427B-888E-B1D8A51189AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B28A24AD-C225-45B3-8156-5A8107A7073C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "22B75008-7F05-4923-88D9-0D6619568C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C4A5D3CC-282D-484F-99E3-5D087F759C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "8799CB21-5F98-4368-A1BC-2746438757CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B4315F2E-5272-4D09-80AF-A65AE52E37CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9CCD4355-CE24-4F14-A348-BB76470E4DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "79D7994A-ABDF-4F02-841D-B082917CA9F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7B33EFE6-68BB-46FD-834D-B767641E1AC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "71FFFD6C-1243-480F-874E-3548EED2D471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "76906A3F-9A22-453F-BCCF-35C248E6788C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E7A176BB-A188-44A9-9E52-D385B13D328F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DF881FCD-8E4C-47AC-ABED-05F805D3DED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "06C3E2C7-C113-4224-8F4F-3BDD3B800B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F376D1B3-5801-4BC3-B060-39DC928A9838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "0ACC7FBF-34A3-4A95-A7B0-396AB194976A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "AA8408AC-5380-4C77-BA49-C236F0CBB51F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de suplantaci\u00f3n de identidad cuando el Core de ASP.NET no puede sanear apropiadamente las peticiones web."
    }
  ],
  "id": "CVE-2017-0256",
  "lastModified": "2024-11-21T03:02:38.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-12T14:29:04.457",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aspnet/Announcements/issues/239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aspnet/Announcements/issues/239"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-10-15 10:55

Modified

2024-11-21 02:09

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."

References

URL	Tags
secure@microsoft.com	http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx	Vendor Advisory
secure@microsoft.com	http://secunia.com/advisories/60971
secure@microsoft.com	http://www.securityfocus.com/bid/70352
secure@microsoft.com	http://www.securitytracker.com/id/1031023
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/60971
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/70352
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031023
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059

Impacted products

Vendor	Product	Version
microsoft	asp.net_model_view_controller	2.0
microsoft	asp.net_model_view_controller	3.0
microsoft	asp.net_model_view_controller	4.0
microsoft	asp.net_model_view_controller	5.0
microsoft	asp.net_model_view_controller	5.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA75510-B600-4420-8D3F-CB6E855F799F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50FEF925-7678-47DD-983C-AE130A241046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E84E77D3-7E27-4C3C-85BC-F61BCA9F30F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F87CECA-F050-4B1F-9B67-C3C107329D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6FBFC7B-07B7-42A9-B2B9-90699AD43001",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka \"MVC XSS Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en System.Web.Mvc.dll en Microsoft ASP.NET Model View Controller (MVC) 2.0 hasta 5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una p\u00e1gina web manipulada, tambi\u00e9n conocido como \u0027vulnerabilidad de XSS de MVC.\u0027"
    }
  ],
  "id": "CVE-2014-4075",
  "lastModified": "2024-11-21T02:09:27.570",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-10-15T10:55:07.427",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/60971"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/70352"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1031023"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/70352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-05-12 14:29

Modified

2024-11-21 03:02

Severity ?

7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

References

▼	URL	Tags
	secure@microsoft.com	https://github.com/aspnet/Announcements/issues/239	Technical Description, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/aspnet/Announcements/issues/239	Technical Description, Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	asp.net_model_view_controller	1.0.0
microsoft	asp.net_model_view_controller	1.0.1
microsoft	asp.net_model_view_controller	1.0.2
microsoft	asp.net_model_view_controller	1.0.3
microsoft	asp.net_model_view_controller	1.1.0
microsoft	asp.net_model_view_controller	1.1.1
microsoft	asp.net_model_view_controller	1.1.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.3
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.3
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.0
microsoft	microsoft.aspnetcore.mvc.cors	1.0.1
microsoft	microsoft.aspnetcore.mvc.cors	1.0.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.3
microsoft	microsoft.aspnetcore.mvc.cors	1.1.0
microsoft	microsoft.aspnetcore.mvc.cors	1.1.1
microsoft	microsoft.aspnetcore.mvc.cors	1.1.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.3
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.0
microsoft	microsoft.aspnetcore.mvc.localization	1.0.1
microsoft	microsoft.aspnetcore.mvc.localization	1.0.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.3
microsoft	microsoft.aspnetcore.mvc.localization	1.1.0
microsoft	microsoft.aspnetcore.mvc.localization	1.1.1
microsoft	microsoft.aspnetcore.mvc.localization	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.3
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.3
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.3
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.2
microsoft	system.net.http	4.1.1
microsoft	system.net.http	4.3.1
microsoft	system.net.http.winhttphandler	4.0.1
microsoft	system.net.http.winhttphandler	4.3.0
microsoft	system.net.security	4.0.0
microsoft	system.net.security	4.3.0
microsoft	system.net.websockets.client	4.0.0
microsoft	system.net.websockets.client	4.3.0
microsoft	system.text.encodings.web	4.0.0
microsoft	system.text.encodings.web	4.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D49ACA-0755-425C-9162-8D40D7AADDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB52597-3458-4816-8432-7948CA21B8C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86207D1B-AE1B-4826-B07A-75815A5ED06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96E6585-EA7C-47A7-B6EF-9926758E90DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "292C4DAD-1CBB-41DF-9E45-F8D594C03097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BC76DD26-1A09-419D-9156-16042FF7D508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2A701C76-6AC7-4230-B0C5-9CD91010349C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "6E801676-656E-43F6-8C4E-EE0BD5EAF23E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DE818227-C9F3-49BA-80D1-FA49FA46B8BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B7E8D173-9F85-4796-8A97-A77A531A3C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "893BD886-23DC-41E9-9DD1-C367F1638CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2F9CCC49-348F-44A3-8412-17B689B0B0B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "40ACE580-63FC-44A6-A1A3-19113BCF96B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3A31726B-E001-4568-9538-150C438D4D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "22473819-A864-4568-BB4F-B1B61D6BE768",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "25F6E532-9282-4444-BE83-1D4254B78E98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3D3B725F-E01E-4B44-B6FE-D384CB081880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "CD9CA7E6-4622-48CE-87DD-43850E6A3D94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9F0BE208-E908-4D55-ABC0-01899A7BCF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BEB9143D-39A5-4A1A-8CF6-50A234476914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "784D8767-E542-4BEA-AC04-190EB86ACE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B051C0F9-2D90-4F21-A4A3-49E52E4580F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "24849B2C-4475-4F63-99F8-D63AC7455AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E53251EE-7C63-4597-817D-E0E046D45E7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C4B607A3-3637-4785-A7FA-074B370B57A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "10769FE6-90C1-41EF-B59C-2DF602798AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9F2FF0F8-0447-442F-99C7-AAE364942263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "82A352B2-00B5-40EB-A053-3871999FF549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "1CBD8554-F155-4265-9ABA-27F2CFDB6645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "1D0612F5-8621-4FEB-B84D-6116CD92C671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "D917236C-B53D-454C-9FCD-4D0F48849C8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "32B849F2-CD4B-45DB-86DD-77248ED82C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "5A08EDE3-035D-4A4F-AF2A-FDFC02264841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "28A15818-8AB8-4253-9D82-D968B05D4416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C59BDECB-3184-4BE3-91B5-4703170D6E72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F861A072-D917-4BF5-99D3-3C9AD99A70EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "79F08C0E-5A28-4A8D-9987-CC273A38CDB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F8A9187E-AAF3-4186-9014-13D304463F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "19022A88-C140-4C64-8BAD-43CE0E448D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "36170C72-162C-44F1-8291-DCF12AAC3D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "97E0DE96-A8CA-4395-8955-3223754A7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "95D892B0-08CD-479B-8DBA-2E296A2139EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "16E5978D-49B7-4948-A57F-D0903CC2726B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "175E800A-6295-4EDD-AD76-AED50C4ED29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DD429092-758C-40E2-9B62-552062DE5C99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4B124905-C4EB-4943-BF9D-97DD9C63C773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F1382D94-3442-4770-99BC-A803DB7D99CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "72682900-3DEA-43E8-9E60-04D8AA575353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2614708B-D88A-45D1-989A-EC1F18B2ECF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "48101840-E58F-4E2D-BA2D-8D07F76E1EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "56285B40-74FB-4AE4-9998-09D3CC2FA76B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4322AC03-A133-4778-A2F1-AD509764BB00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E4779EAE-28C3-454F-853C-45D7A4B264BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "34EB1A01-873A-4395-84D9-B048E2E12A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "389FB05C-C41F-4162-B868-472A6FEE18BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "944C87F4-591A-46A3-A6BE-68CF070D2557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "6A5CA6EF-184A-4D35-A430-8D708041C139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7264CABF-8603-445F-8728-A53575239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "776B722D-0DA6-4994-9323-06165E562489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "77A16675-CD3A-427B-888E-B1D8A51189AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B28A24AD-C225-45B3-8156-5A8107A7073C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "22B75008-7F05-4923-88D9-0D6619568C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C4A5D3CC-282D-484F-99E3-5D087F759C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "8799CB21-5F98-4368-A1BC-2746438757CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B4315F2E-5272-4D09-80AF-A65AE52E37CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9CCD4355-CE24-4F14-A348-BB76470E4DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "79D7994A-ABDF-4F02-841D-B082917CA9F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7B33EFE6-68BB-46FD-834D-B767641E1AC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "71FFFD6C-1243-480F-874E-3548EED2D471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "76906A3F-9A22-453F-BCCF-35C248E6788C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E7A176BB-A188-44A9-9E52-D385B13D328F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DF881FCD-8E4C-47AC-ABED-05F805D3DED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "06C3E2C7-C113-4224-8F4F-3BDD3B800B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F376D1B3-5801-4BC3-B060-39DC928A9838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "0ACC7FBF-34A3-4A95-A7B0-396AB194976A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "AA8408AC-5380-4C77-BA49-C236F0CBB51F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando el ASP.NET Core falla al desinfectar adecuadamente las solicitudes web."
    }
  ],
  "id": "CVE-2017-0249",
  "lastModified": "2024-11-21T03:02:37.610",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-12T14:29:04.003",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aspnet/Announcements/issues/239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aspnet/Announcements/issues/239"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-05-12 14:29

Modified

2024-11-21 03:02

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

References

URL	Tags
secure@microsoft.com	https://github.com/aspnet/Announcements/issues/239	Technical Description, Third Party Advisory
secure@microsoft.com	https://technet.microsoft.com/en-us/library/security/4021279.aspx	Patch, Vendor Advisory
secure@microsoft.com	https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/aspnet/Announcements/issues/239	Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://technet.microsoft.com/en-us/library/security/4021279.aspx	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	asp.net_model_view_controller	1.0.0
microsoft	asp.net_model_view_controller	1.0.1
microsoft	asp.net_model_view_controller	1.0.2
microsoft	asp.net_model_view_controller	1.0.3
microsoft	asp.net_model_view_controller	1.1.0
microsoft	asp.net_model_view_controller	1.1.1
microsoft	asp.net_model_view_controller	1.1.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.2
microsoft	microsoft.aspnetcore.mvc.abstractions	1.0.3
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.0
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.1
microsoft	microsoft.aspnetcore.mvc.abstractions	1.1.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.2
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.0.3
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.0
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.1
microsoft	microsoft.aspnetcore.mvc.apiexplorer	1.1.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.0
microsoft	microsoft.aspnetcore.mvc.cors	1.0.1
microsoft	microsoft.aspnetcore.mvc.cors	1.0.2
microsoft	microsoft.aspnetcore.mvc.cors	1.0.3
microsoft	microsoft.aspnetcore.mvc.cors	1.1.0
microsoft	microsoft.aspnetcore.mvc.cors	1.1.1
microsoft	microsoft.aspnetcore.mvc.cors	1.1.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.2
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.0.3
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.0
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.1
microsoft	microsoft.aspnetcore.mvc.dataannotations	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.json	1.1.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.2
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.0.3
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.0
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.1
microsoft	microsoft.aspnetcore.mvc.formatters.xml	1.1.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.0
microsoft	microsoft.aspnetcore.mvc.localization	1.0.1
microsoft	microsoft.aspnetcore.mvc.localization	1.0.2
microsoft	microsoft.aspnetcore.mvc.localization	1.0.3
microsoft	microsoft.aspnetcore.mvc.localization	1.1.0
microsoft	microsoft.aspnetcore.mvc.localization	1.1.1
microsoft	microsoft.aspnetcore.mvc.localization	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor	1.1.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.2
microsoft	microsoft.aspnetcore.mvc.razor.host	1.0.3
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.0
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.1
microsoft	microsoft.aspnetcore.mvc.razor.host	1.1.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.2
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.0.3
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.0
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.1
microsoft	microsoft.aspnetcore.mvc.taghelpers	1.1.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.2
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.0.3
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.0
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.1
microsoft	microsoft.aspnetcore.mvc.viewfeatures	1.1.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.2
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.0.3
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.0
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.1
microsoft	microsoft.aspnetcore.mvc.webapicompatshim	1.1.2
microsoft	system.net.http	4.1.1
microsoft	system.net.http	4.3.1
microsoft	system.net.http.winhttphandler	4.0.1
microsoft	system.net.http.winhttphandler	4.3.0
microsoft	system.net.security	4.0.0
microsoft	system.net.security	4.3.0
microsoft	system.net.websockets.client	4.0.0
microsoft	system.net.websockets.client	4.3.0
microsoft	system.text.encodings.web	4.0.0
microsoft	system.text.encodings.web	4.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D49ACA-0755-425C-9162-8D40D7AADDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB52597-3458-4816-8432-7948CA21B8C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86207D1B-AE1B-4826-B07A-75815A5ED06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96E6585-EA7C-47A7-B6EF-9926758E90DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "292C4DAD-1CBB-41DF-9E45-F8D594C03097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BC76DD26-1A09-419D-9156-16042FF7D508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2A701C76-6AC7-4230-B0C5-9CD91010349C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "6E801676-656E-43F6-8C4E-EE0BD5EAF23E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DE818227-C9F3-49BA-80D1-FA49FA46B8BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B7E8D173-9F85-4796-8A97-A77A531A3C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "893BD886-23DC-41E9-9DD1-C367F1638CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2F9CCC49-348F-44A3-8412-17B689B0B0B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "40ACE580-63FC-44A6-A1A3-19113BCF96B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3A31726B-E001-4568-9538-150C438D4D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "22473819-A864-4568-BB4F-B1B61D6BE768",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "25F6E532-9282-4444-BE83-1D4254B78E98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3D3B725F-E01E-4B44-B6FE-D384CB081880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "CD9CA7E6-4622-48CE-87DD-43850E6A3D94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9F0BE208-E908-4D55-ABC0-01899A7BCF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BEB9143D-39A5-4A1A-8CF6-50A234476914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "784D8767-E542-4BEA-AC04-190EB86ACE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B051C0F9-2D90-4F21-A4A3-49E52E4580F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "24849B2C-4475-4F63-99F8-D63AC7455AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E53251EE-7C63-4597-817D-E0E046D45E7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C4B607A3-3637-4785-A7FA-074B370B57A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "10769FE6-90C1-41EF-B59C-2DF602798AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9F2FF0F8-0447-442F-99C7-AAE364942263",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "82A352B2-00B5-40EB-A053-3871999FF549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "1CBD8554-F155-4265-9ABA-27F2CFDB6645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "1D0612F5-8621-4FEB-B84D-6116CD92C671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "D917236C-B53D-454C-9FCD-4D0F48849C8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "32B849F2-CD4B-45DB-86DD-77248ED82C56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "5A08EDE3-035D-4A4F-AF2A-FDFC02264841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "28A15818-8AB8-4253-9D82-D968B05D4416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C59BDECB-3184-4BE3-91B5-4703170D6E72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F861A072-D917-4BF5-99D3-3C9AD99A70EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "79F08C0E-5A28-4A8D-9987-CC273A38CDB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F8A9187E-AAF3-4186-9014-13D304463F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "19022A88-C140-4C64-8BAD-43CE0E448D78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "36170C72-162C-44F1-8291-DCF12AAC3D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "97E0DE96-A8CA-4395-8955-3223754A7678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "95D892B0-08CD-479B-8DBA-2E296A2139EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "16E5978D-49B7-4948-A57F-D0903CC2726B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "175E800A-6295-4EDD-AD76-AED50C4ED29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DD429092-758C-40E2-9B62-552062DE5C99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4B124905-C4EB-4943-BF9D-97DD9C63C773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F1382D94-3442-4770-99BC-A803DB7D99CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "72682900-3DEA-43E8-9E60-04D8AA575353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2614708B-D88A-45D1-989A-EC1F18B2ECF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "48101840-E58F-4E2D-BA2D-8D07F76E1EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "56285B40-74FB-4AE4-9998-09D3CC2FA76B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4322AC03-A133-4778-A2F1-AD509764BB00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E4779EAE-28C3-454F-853C-45D7A4B264BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "34EB1A01-873A-4395-84D9-B048E2E12A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "389FB05C-C41F-4162-B868-472A6FEE18BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "944C87F4-591A-46A3-A6BE-68CF070D2557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "6A5CA6EF-184A-4D35-A430-8D708041C139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7264CABF-8603-445F-8728-A53575239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "776B722D-0DA6-4994-9323-06165E562489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "77A16675-CD3A-427B-888E-B1D8A51189AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B28A24AD-C225-45B3-8156-5A8107A7073C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "22B75008-7F05-4923-88D9-0D6619568C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "C4A5D3CC-282D-484F-99E3-5D087F759C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "8799CB21-5F98-4368-A1BC-2746438757CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "B4315F2E-5272-4D09-80AF-A65AE52E37CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "9CCD4355-CE24-4F14-A348-BB76470E4DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "79D7994A-ABDF-4F02-841D-B082917CA9F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "7B33EFE6-68BB-46FD-834D-B767641E1AC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "71FFFD6C-1243-480F-874E-3548EED2D471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "76906A3F-9A22-453F-BCCF-35C248E6788C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E7A176BB-A188-44A9-9E52-D385B13D328F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "DF881FCD-8E4C-47AC-ABED-05F805D3DED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "06C3E2C7-C113-4224-8F4F-3BDD3B800B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "F376D1B3-5801-4BC3-B060-39DC928A9838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "0ACC7FBF-34A3-4A95-A7B0-396AB194976A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "AA8408AC-5380-4C77-BA49-C236F0CBB51F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
              "matchCriteriaId": "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio cuando el Core de ASP.NET no puede comprobar apropiadamente las peticiones web. NOTA: Microsoft no ha comentado en reclamos de terceros de que el problema es que la funci\u00f3n TextEncoder.EncodeCore en el paquete System.Text.Encodings.Web en ASP.NET Core Mvc versiones anteriores a 1.0.4 y versiones 1.1.x anteriores a  1.1.3 permite a los atacantes remotos causar una denegaci\u00f3n de servicio aprovechando un fallo en calcular apropiadamente la longitud de los caracteres de 4 bytes en el rango sin car\u00e1cter Unicode."
    }
  ],
  "id": "CVE-2017-0247",
  "lastModified": "2024-11-21T03:02:37.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-12T14:29:03.910",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aspnet/Announcements/issues/239"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aspnet/Announcements/issues/239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-07-11 00:29

Modified

2024-11-21 04:13

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/104659	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1041267	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104659	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041267	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	asp.net_core	1.0
microsoft	asp.net_core	1.1
microsoft	asp.net_core	2.0
microsoft	asp.net_model_view_controller	5.2
microsoft	asp.net_webpages	3.2.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0913F82A-985A-401D-89F6-191684A8AB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8256236D-D4F0-4207-B82D-18B0135CEB4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "345222C2-CD5B-4613-9FF3-9D034974D54F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "72194690-5B02-4E16-81CE-8447790D67A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:asp.net_webpages:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E601B5A5-E15B-43BD-98D7-20CBF28A55C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad en ASP.NET cuando el n\u00famero de intentos de inicio de sesi\u00f3n incorrectos no se valida. Esto tambi\u00e9n se conoce como \"ASP.NET Security Feature Bypass Vulnerability\". Esto afecta a ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0 y ASP.NET MVC 5.2."
    }
  ],
  "id": "CVE-2018-8171",
  "lastModified": "2024-11-21T04:13:23.863",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-11T00:29:00.320",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104659"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041267"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

All the vulnerabilites related to microsoft - asp.net_model_view_controller

cve-2017-0249

Vulnerability from cvelistv5

cve-2017-0247

Vulnerability from cvelistv5

cve-2017-0256

Vulnerability from cvelistv5

cve-2014-4075

Vulnerability from cvelistv5

cve-2018-8171

Vulnerability from cvelistv5

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd