All the vulnerabilites related to microsoft - microsoft.aspnetcore.mvc.cors
Vulnerability from fkie_nvd
Published
2017-05-12 14:29
Modified
2024-11-21 03:02
Severity ?
Summary
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory | |
| secure@microsoft.com | https://technet.microsoft.com/en-us/library/security/4021279.aspx | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://technet.microsoft.com/en-us/library/security/4021279.aspx | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72D49ACA-0755-425C-9162-8D40D7AADDC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB52597-3458-4816-8432-7948CA21B8C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86207D1B-AE1B-4826-B07A-75815A5ED06B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E96E6585-EA7C-47A7-B6EF-9926758E90DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "292C4DAD-1CBB-41DF-9E45-F8D594C03097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "BC76DD26-1A09-419D-9156-16042FF7D508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "2A701C76-6AC7-4230-B0C5-9CD91010349C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "6E801676-656E-43F6-8C4E-EE0BD5EAF23E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "DE818227-C9F3-49BA-80D1-FA49FA46B8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B7E8D173-9F85-4796-8A97-A77A531A3C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "893BD886-23DC-41E9-9DD1-C367F1638CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "2F9CCC49-348F-44A3-8412-17B689B0B0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "40ACE580-63FC-44A6-A1A3-19113BCF96B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "3A31726B-E001-4568-9538-150C438D4D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "22473819-A864-4568-BB4F-B1B61D6BE768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "25F6E532-9282-4444-BE83-1D4254B78E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "3D3B725F-E01E-4B44-B6FE-D384CB081880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "CD9CA7E6-4622-48CE-87DD-43850E6A3D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "9F0BE208-E908-4D55-ABC0-01899A7BCF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "BEB9143D-39A5-4A1A-8CF6-50A234476914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "784D8767-E542-4BEA-AC04-190EB86ACE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B051C0F9-2D90-4F21-A4A3-49E52E4580F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "24849B2C-4475-4F63-99F8-D63AC7455AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E53251EE-7C63-4597-817D-E0E046D45E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "C4B607A3-3637-4785-A7FA-074B370B57A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "10769FE6-90C1-41EF-B59C-2DF602798AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "9F2FF0F8-0447-442F-99C7-AAE364942263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "82A352B2-00B5-40EB-A053-3871999FF549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "1CBD8554-F155-4265-9ABA-27F2CFDB6645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "1D0612F5-8621-4FEB-B84D-6116CD92C671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "D917236C-B53D-454C-9FCD-4D0F48849C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "32B849F2-CD4B-45DB-86DD-77248ED82C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "5A08EDE3-035D-4A4F-AF2A-FDFC02264841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "28A15818-8AB8-4253-9D82-D968B05D4416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "C59BDECB-3184-4BE3-91B5-4703170D6E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "F861A072-D917-4BF5-99D3-3C9AD99A70EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "79F08C0E-5A28-4A8D-9987-CC273A38CDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "F8A9187E-AAF3-4186-9014-13D304463F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "19022A88-C140-4C64-8BAD-43CE0E448D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "36170C72-162C-44F1-8291-DCF12AAC3D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "97E0DE96-A8CA-4395-8955-3223754A7678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "95D892B0-08CD-479B-8DBA-2E296A2139EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "16E5978D-49B7-4948-A57F-D0903CC2726B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "175E800A-6295-4EDD-AD76-AED50C4ED29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "DD429092-758C-40E2-9B62-552062DE5C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "4B124905-C4EB-4943-BF9D-97DD9C63C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "F1382D94-3442-4770-99BC-A803DB7D99CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "72682900-3DEA-43E8-9E60-04D8AA575353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "2614708B-D88A-45D1-989A-EC1F18B2ECF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "48101840-E58F-4E2D-BA2D-8D07F76E1EB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "56285B40-74FB-4AE4-9998-09D3CC2FA76B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "4322AC03-A133-4778-A2F1-AD509764BB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E4779EAE-28C3-454F-853C-45D7A4B264BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "34EB1A01-873A-4395-84D9-B048E2E12A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "389FB05C-C41F-4162-B868-472A6FEE18BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "944C87F4-591A-46A3-A6BE-68CF070D2557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "6A5CA6EF-184A-4D35-A430-8D708041C139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "7264CABF-8603-445F-8728-A53575239BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "776B722D-0DA6-4994-9323-06165E562489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "77A16675-CD3A-427B-888E-B1D8A51189AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B28A24AD-C225-45B3-8156-5A8107A7073C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "22B75008-7F05-4923-88D9-0D6619568C8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "C4A5D3CC-282D-484F-99E3-5D087F759C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "8799CB21-5F98-4368-A1BC-2746438757CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B4315F2E-5272-4D09-80AF-A65AE52E37CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "9CCD4355-CE24-4F14-A348-BB76470E4DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "79D7994A-ABDF-4F02-841D-B082917CA9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "7B33EFE6-68BB-46FD-834D-B767641E1AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "71FFFD6C-1243-480F-874E-3548EED2D471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "76906A3F-9A22-453F-BCCF-35C248E6788C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E7A176BB-A188-44A9-9E52-D385B13D328F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "DF881FCD-8E4C-47AC-ABED-05F805D3DED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "06C3E2C7-C113-4224-8F4F-3BDD3B800B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "F376D1B3-5801-4BC3-B060-39DC928A9838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "0ACC7FBF-34A3-4A95-A7B0-396AB194976A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "AA8408AC-5380-4C77-BA49-C236F0CBB51F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio cuando el Core de ASP.NET no puede comprobar apropiadamente las peticiones web. NOTA: Microsoft no ha comentado en reclamos de terceros de que el problema es que la funci\u00f3n TextEncoder.EncodeCore en el paquete System.Text.Encodings.Web en ASP.NET Core Mvc versiones anteriores a 1.0.4 y versiones 1.1.x anteriores a 1.1.3 permite a los atacantes remotos causar una denegaci\u00f3n de servicio aprovechando un fallo en calcular apropiadamente la longitud de los caracteres de 4 bytes en el rango sin car\u00e1cter Unicode."
}
],
"id": "CVE-2017-0247",
"lastModified": "2024-11-21T03:02:37.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-12T14:29:03.910",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://github.com/aspnet/Announcements/issues/239"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
},
{
"source": "secure@microsoft.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://github.com/aspnet/Announcements/issues/239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-12 14:29
Modified
2024-11-21 03:02
Severity ?
Summary
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72D49ACA-0755-425C-9162-8D40D7AADDC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB52597-3458-4816-8432-7948CA21B8C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86207D1B-AE1B-4826-B07A-75815A5ED06B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E96E6585-EA7C-47A7-B6EF-9926758E90DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "292C4DAD-1CBB-41DF-9E45-F8D594C03097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "BC76DD26-1A09-419D-9156-16042FF7D508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "2A701C76-6AC7-4230-B0C5-9CD91010349C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "6E801676-656E-43F6-8C4E-EE0BD5EAF23E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "DE818227-C9F3-49BA-80D1-FA49FA46B8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B7E8D173-9F85-4796-8A97-A77A531A3C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "893BD886-23DC-41E9-9DD1-C367F1638CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "2F9CCC49-348F-44A3-8412-17B689B0B0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "40ACE580-63FC-44A6-A1A3-19113BCF96B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "3A31726B-E001-4568-9538-150C438D4D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "22473819-A864-4568-BB4F-B1B61D6BE768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "25F6E532-9282-4444-BE83-1D4254B78E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "3D3B725F-E01E-4B44-B6FE-D384CB081880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "CD9CA7E6-4622-48CE-87DD-43850E6A3D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "9F0BE208-E908-4D55-ABC0-01899A7BCF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "BEB9143D-39A5-4A1A-8CF6-50A234476914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "784D8767-E542-4BEA-AC04-190EB86ACE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B051C0F9-2D90-4F21-A4A3-49E52E4580F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "24849B2C-4475-4F63-99F8-D63AC7455AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E53251EE-7C63-4597-817D-E0E046D45E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "C4B607A3-3637-4785-A7FA-074B370B57A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "10769FE6-90C1-41EF-B59C-2DF602798AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "9F2FF0F8-0447-442F-99C7-AAE364942263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "82A352B2-00B5-40EB-A053-3871999FF549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "1CBD8554-F155-4265-9ABA-27F2CFDB6645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "1D0612F5-8621-4FEB-B84D-6116CD92C671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "D917236C-B53D-454C-9FCD-4D0F48849C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "32B849F2-CD4B-45DB-86DD-77248ED82C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "5A08EDE3-035D-4A4F-AF2A-FDFC02264841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "28A15818-8AB8-4253-9D82-D968B05D4416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "C59BDECB-3184-4BE3-91B5-4703170D6E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "F861A072-D917-4BF5-99D3-3C9AD99A70EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "79F08C0E-5A28-4A8D-9987-CC273A38CDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "F8A9187E-AAF3-4186-9014-13D304463F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "19022A88-C140-4C64-8BAD-43CE0E448D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "36170C72-162C-44F1-8291-DCF12AAC3D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "97E0DE96-A8CA-4395-8955-3223754A7678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "95D892B0-08CD-479B-8DBA-2E296A2139EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "16E5978D-49B7-4948-A57F-D0903CC2726B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "175E800A-6295-4EDD-AD76-AED50C4ED29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "DD429092-758C-40E2-9B62-552062DE5C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "4B124905-C4EB-4943-BF9D-97DD9C63C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "F1382D94-3442-4770-99BC-A803DB7D99CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "72682900-3DEA-43E8-9E60-04D8AA575353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "2614708B-D88A-45D1-989A-EC1F18B2ECF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "48101840-E58F-4E2D-BA2D-8D07F76E1EB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "56285B40-74FB-4AE4-9998-09D3CC2FA76B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "4322AC03-A133-4778-A2F1-AD509764BB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E4779EAE-28C3-454F-853C-45D7A4B264BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "34EB1A01-873A-4395-84D9-B048E2E12A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "389FB05C-C41F-4162-B868-472A6FEE18BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "944C87F4-591A-46A3-A6BE-68CF070D2557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "6A5CA6EF-184A-4D35-A430-8D708041C139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "7264CABF-8603-445F-8728-A53575239BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "776B722D-0DA6-4994-9323-06165E562489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "77A16675-CD3A-427B-888E-B1D8A51189AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B28A24AD-C225-45B3-8156-5A8107A7073C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "22B75008-7F05-4923-88D9-0D6619568C8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "C4A5D3CC-282D-484F-99E3-5D087F759C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "8799CB21-5F98-4368-A1BC-2746438757CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B4315F2E-5272-4D09-80AF-A65AE52E37CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "9CCD4355-CE24-4F14-A348-BB76470E4DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "79D7994A-ABDF-4F02-841D-B082917CA9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "7B33EFE6-68BB-46FD-834D-B767641E1AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "71FFFD6C-1243-480F-874E-3548EED2D471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "76906A3F-9A22-453F-BCCF-35C248E6788C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E7A176BB-A188-44A9-9E52-D385B13D328F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "DF881FCD-8E4C-47AC-ABED-05F805D3DED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "06C3E2C7-C113-4224-8F4F-3BDD3B800B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "F376D1B3-5801-4BC3-B060-39DC928A9838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "0ACC7FBF-34A3-4A95-A7B0-396AB194976A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "AA8408AC-5380-4C77-BA49-C236F0CBB51F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando el ASP.NET Core falla al desinfectar adecuadamente las solicitudes web."
}
],
"id": "CVE-2017-0249",
"lastModified": "2024-11-21T03:02:37.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-12T14:29:04.003",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://github.com/aspnet/Announcements/issues/239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://github.com/aspnet/Announcements/issues/239"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-12 14:29
Modified
2024-11-21 03:02
Severity ?
Summary
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72D49ACA-0755-425C-9162-8D40D7AADDC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB52597-3458-4816-8432-7948CA21B8C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86207D1B-AE1B-4826-B07A-75815A5ED06B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E96E6585-EA7C-47A7-B6EF-9926758E90DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "292C4DAD-1CBB-41DF-9E45-F8D594C03097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "BC76DD26-1A09-419D-9156-16042FF7D508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "2A701C76-6AC7-4230-B0C5-9CD91010349C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "6E801676-656E-43F6-8C4E-EE0BD5EAF23E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "DE818227-C9F3-49BA-80D1-FA49FA46B8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B7E8D173-9F85-4796-8A97-A77A531A3C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "893BD886-23DC-41E9-9DD1-C367F1638CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "2F9CCC49-348F-44A3-8412-17B689B0B0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "40ACE580-63FC-44A6-A1A3-19113BCF96B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "3A31726B-E001-4568-9538-150C438D4D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "22473819-A864-4568-BB4F-B1B61D6BE768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "25F6E532-9282-4444-BE83-1D4254B78E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "3D3B725F-E01E-4B44-B6FE-D384CB081880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "CD9CA7E6-4622-48CE-87DD-43850E6A3D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "9F0BE208-E908-4D55-ABC0-01899A7BCF3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "BEB9143D-39A5-4A1A-8CF6-50A234476914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "784D8767-E542-4BEA-AC04-190EB86ACE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B051C0F9-2D90-4F21-A4A3-49E52E4580F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "24849B2C-4475-4F63-99F8-D63AC7455AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E53251EE-7C63-4597-817D-E0E046D45E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "C4B607A3-3637-4785-A7FA-074B370B57A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "10769FE6-90C1-41EF-B59C-2DF602798AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "9F2FF0F8-0447-442F-99C7-AAE364942263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "82A352B2-00B5-40EB-A053-3871999FF549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "1CBD8554-F155-4265-9ABA-27F2CFDB6645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "1D0612F5-8621-4FEB-B84D-6116CD92C671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "D917236C-B53D-454C-9FCD-4D0F48849C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "32B849F2-CD4B-45DB-86DD-77248ED82C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "5A08EDE3-035D-4A4F-AF2A-FDFC02264841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "28A15818-8AB8-4253-9D82-D968B05D4416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "C59BDECB-3184-4BE3-91B5-4703170D6E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "F861A072-D917-4BF5-99D3-3C9AD99A70EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "79F08C0E-5A28-4A8D-9987-CC273A38CDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "F8A9187E-AAF3-4186-9014-13D304463F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "19022A88-C140-4C64-8BAD-43CE0E448D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "36170C72-162C-44F1-8291-DCF12AAC3D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "97E0DE96-A8CA-4395-8955-3223754A7678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "95D892B0-08CD-479B-8DBA-2E296A2139EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "16E5978D-49B7-4948-A57F-D0903CC2726B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "175E800A-6295-4EDD-AD76-AED50C4ED29F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "DD429092-758C-40E2-9B62-552062DE5C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "4B124905-C4EB-4943-BF9D-97DD9C63C773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "F1382D94-3442-4770-99BC-A803DB7D99CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "72682900-3DEA-43E8-9E60-04D8AA575353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "2614708B-D88A-45D1-989A-EC1F18B2ECF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "48101840-E58F-4E2D-BA2D-8D07F76E1EB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "56285B40-74FB-4AE4-9998-09D3CC2FA76B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "4322AC03-A133-4778-A2F1-AD509764BB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E4779EAE-28C3-454F-853C-45D7A4B264BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "34EB1A01-873A-4395-84D9-B048E2E12A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "389FB05C-C41F-4162-B868-472A6FEE18BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "944C87F4-591A-46A3-A6BE-68CF070D2557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "6A5CA6EF-184A-4D35-A430-8D708041C139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "7264CABF-8603-445F-8728-A53575239BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "776B722D-0DA6-4994-9323-06165E562489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "77A16675-CD3A-427B-888E-B1D8A51189AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B28A24AD-C225-45B3-8156-5A8107A7073C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "22B75008-7F05-4923-88D9-0D6619568C8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "C4A5D3CC-282D-484F-99E3-5D087F759C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "8799CB21-5F98-4368-A1BC-2746438757CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "B4315F2E-5272-4D09-80AF-A65AE52E37CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "9CCD4355-CE24-4F14-A348-BB76470E4DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "79D7994A-ABDF-4F02-841D-B082917CA9F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "7B33EFE6-68BB-46FD-834D-B767641E1AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "71FFFD6C-1243-480F-874E-3548EED2D471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "76906A3F-9A22-453F-BCCF-35C248E6788C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E7A176BB-A188-44A9-9E52-D385B13D328F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "DF881FCD-8E4C-47AC-ABED-05F805D3DED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "06C3E2C7-C113-4224-8F4F-3BDD3B800B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "F376D1B3-5801-4BC3-B060-39DC928A9838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "0ACC7FBF-34A3-4A95-A7B0-396AB194976A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "AA8408AC-5380-4C77-BA49-C236F0CBB51F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
"matchCriteriaId": "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de suplantaci\u00f3n de identidad cuando el Core de ASP.NET no puede sanear apropiadamente las peticiones web."
}
],
"id": "CVE-2017-0256",
"lastModified": "2024-11-21T03:02:38.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-12T14:29:04.457",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://github.com/aspnet/Announcements/issues/239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://github.com/aspnet/Announcements/issues/239"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201705-3317
Vulnerability from variot
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to forge requests. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3317",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.3.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.1.1"
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "core"
},
{
"model": "asp.net",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "BID",
"id": "98290"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0256"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikhail Shcherbakov",
"sources": [
{
"db": "BID",
"id": "98290"
}
],
"trust": 0.3
},
"cve": "CVE-2017-0256",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-0256",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-08173",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-0256",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-0256",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-08173",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-735",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-0256",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to forge requests. \nAn attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
},
{
"db": "BID",
"id": "98290"
},
{
"db": "VULMON",
"id": "CVE-2017-0256"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-0256",
"trust": 3.4
},
{
"db": "BID",
"id": "98290",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-08173",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-0256",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"db": "BID",
"id": "98290"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"id": "VAR-201705-3317",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
}
]
},
"last_update_date": "2023-12-18T13:24:27.044000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239",
"trust": 0.8,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"title": "Patch for Microsoft ASP.NET Core Spoofing Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94465"
},
{
"title": "Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70330"
},
{
"title": "OssIndexClient",
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/shiftingleft/dotnet-scm-test "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/jnewman-sonatype/dotnettest "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "NVD",
"id": "CVE-2017-0256"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0256"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0256"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "https://technet.microsoft.com/library/security/4021279.aspx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/98290"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53814"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"db": "BID",
"id": "98290"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"db": "BID",
"id": "98290"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"date": "2017-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"date": "2017-05-10T00:00:00",
"db": "BID",
"id": "98290"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"date": "2017-05-12T14:29:04.457000",
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"date": "2017-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"date": "2021-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"date": "2017-05-23T16:25:00",
"db": "BID",
"id": "98290"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"date": "2021-06-30T16:54:22.617000",
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"date": "2021-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft ASP.NET Core Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
],
"trust": 0.6
}
}
var-201705-3360
Vulnerability from variot
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3360",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.1"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.1"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "core"
},
{
"model": "asp.net core",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0249"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "98118"
}
],
"trust": 0.3
},
"cve": "CVE-2017-0249",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-0249",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07323",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-0249",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-0249",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-07323",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-736",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-0249",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-0249",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-07323",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736",
"trust": 0.6
},
{
"db": "BID",
"id": "98118",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2017-0249",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"id": "VAR-201705-3360",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
}
],
"trust": 0.81178882
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
}
]
},
"last_update_date": "2023-12-18T12:44:36.871000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239",
"trust": 0.8,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"title": "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94179"
},
{
"title": "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70329"
},
{
"title": "OssIndexClient",
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/shiftingleft/dotnet-scm-test "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/jnewman-sonatype/dotnettest "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0249"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0249"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "https://technet.microsoft.com/library/security/4021279.aspx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/98118"
},
{
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53814"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"date": "2017-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"date": "2017-05-10T00:00:00",
"db": "BID",
"id": "98118"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"date": "2017-05-12T14:29:04.003000",
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"date": "2021-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"date": "2017-05-23T16:25:00",
"db": "BID",
"id": "98118"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"date": "2021-06-30T16:54:22.617000",
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"date": "2021-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft ASP.NET Core Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
],
"trust": 0.6
}
}
var-201705-3358
Vulnerability from variot
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3358",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.1"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.1"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "core"
},
{
"model": "asp.net core",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0247"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Fernandez of Sidertia Solutions",
"sources": [
{
"db": "BID",
"id": "98116"
}
],
"trust": 0.3
},
"cve": "CVE-2017-0247",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-0247",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07322",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-0247",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-0247",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-07322",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-737",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-0247",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-0247",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-07322",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737",
"trust": 0.6
},
{
"db": "BID",
"id": "98116",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2017-0247",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"id": "VAR-201705-3358",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
}
],
"trust": 0.81178882
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
}
]
},
"last_update_date": "2023-12-18T12:37:26.188000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239",
"trust": 0.8,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94177"
},
{
"title": "Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70331"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/dotnet/source-build-reference-packages "
},
{
"title": "OssIndexClient",
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"trust": 1.7,
"url": "https://www.sidertia.com/home/community/blog/2017/05/18/aspnet-core-unicode-non-char-encoding-dos"
},
{
"trust": 1.7,
"url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0247"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0247"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "https://technet.microsoft.com/library/security/4021279.aspx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/source-build-reference-packages"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/98116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53814"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"date": "2017-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"date": "2017-05-10T00:00:00",
"db": "BID",
"id": "98116"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"date": "2017-05-12T14:29:03.910000",
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"date": "2021-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"date": "2017-05-23T16:25:00",
"db": "BID",
"id": "98116"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"date": "2021-06-30T16:54:22.617000",
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"date": "2021-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft ASP.NET Core Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
],
"trust": 0.6
}
}
cve-2017-0256
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/aspnet/Announcements/issues/239 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | ASP.NET Core |
Version: ASP.NET Core |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aspnet/Announcements/issues/239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET Core",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "ASP.NET Core"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-12T13:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aspnet/Announcements/issues/239"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "ASP.NET Core"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aspnet/Announcements/issues/239",
"refsource": "MISC",
"url": "https://github.com/aspnet/Announcements/issues/239"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0256",
"datePublished": "2017-05-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0249
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/aspnet/Announcements/issues/239 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | ASP.NET Core |
Version: ASP.NET Core |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aspnet/Announcements/issues/239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET Core",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "ASP.NET Core"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-12T13:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aspnet/Announcements/issues/239"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "ASP.NET Core"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aspnet/Announcements/issues/239",
"refsource": "MISC",
"url": "https://github.com/aspnet/Announcements/issues/239"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0249",
"datePublished": "2017-05-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-0247
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.
References
| ▼ | URL | Tags |
|---|---|---|
| https://technet.microsoft.com/en-us/library/security/4021279.aspx | x_refsource_CONFIRM | |
| https://github.com/aspnet/Announcements/issues/239 | x_refsource_MISC | |
| https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Microsoft Corporation | ASP.NET Core |
Version: ASP.NET Core |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/aspnet/Announcements/issues/239"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET Core",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "ASP.NET Core"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-25T18:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/aspnet/Announcements/issues/239"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "ASP.NET Core"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://technet.microsoft.com/en-us/library/security/4021279.aspx",
"refsource": "CONFIRM",
"url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
},
{
"name": "https://github.com/aspnet/Announcements/issues/239",
"refsource": "MISC",
"url": "https://github.com/aspnet/Announcements/issues/239"
},
{
"name": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS",
"refsource": "MISC",
"url": "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0247",
"datePublished": "2017-05-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}