Vulnerabilites related to microsoft - microsoft.aspnetcore.mvc.localization
cve-2017-0256
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
Summary
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
References
Impacted products
Vendor Product Version
Microsoft Corporation ASP.NET Core Version: ASP.NET Core
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T12:55:19.325Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/aspnet/Announcements/issues/239",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "ASP.NET Core",
               vendor: "Microsoft Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "ASP.NET Core",
                  },
               ],
            },
         ],
         datePublic: "2017-05-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Spoofing",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-05-12T13:57:01",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/aspnet/Announcements/issues/239",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2017-0256",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "ASP.NET Core",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "ASP.NET Core",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Microsoft Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Spoofing",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/aspnet/Announcements/issues/239",
                     refsource: "MISC",
                     url: "https://github.com/aspnet/Announcements/issues/239",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2017-0256",
      datePublished: "2017-05-12T14:00:00",
      dateReserved: "2016-09-09T00:00:00",
      dateUpdated: "2024-08-05T12:55:19.325Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-0247
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
Summary
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.
Impacted products
Vendor Product Version
Microsoft Corporation ASP.NET Core Version: ASP.NET Core
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T12:55:19.171Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://technet.microsoft.com/en-us/library/security/4021279.aspx",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/aspnet/Announcements/issues/239",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "ASP.NET Core",
               vendor: "Microsoft Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "ASP.NET Core",
                  },
               ],
            },
         ],
         datePublic: "2017-05-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-05-25T18:57:01",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://technet.microsoft.com/en-us/library/security/4021279.aspx",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/aspnet/Announcements/issues/239",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2017-0247",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "ASP.NET Core",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "ASP.NET Core",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Microsoft Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://technet.microsoft.com/en-us/library/security/4021279.aspx",
                     refsource: "CONFIRM",
                     url: "https://technet.microsoft.com/en-us/library/security/4021279.aspx",
                  },
                  {
                     name: "https://github.com/aspnet/Announcements/issues/239",
                     refsource: "MISC",
                     url: "https://github.com/aspnet/Announcements/issues/239",
                  },
                  {
                     name: "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS",
                     refsource: "MISC",
                     url: "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2017-0247",
      datePublished: "2017-05-12T14:00:00",
      dateReserved: "2016-09-09T00:00:00",
      dateUpdated: "2024-08-05T12:55:19.171Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-0249
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
Summary
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
References
Impacted products
Vendor Product Version
Microsoft Corporation ASP.NET Core Version: ASP.NET Core
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T12:55:19.336Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/aspnet/Announcements/issues/239",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "ASP.NET Core",
               vendor: "Microsoft Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "ASP.NET Core",
                  },
               ],
            },
         ],
         datePublic: "2017-05-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Elevation of Privilege",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-05-12T13:57:01",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/aspnet/Announcements/issues/239",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2017-0249",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "ASP.NET Core",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "ASP.NET Core",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Microsoft Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Elevation of Privilege",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/aspnet/Announcements/issues/239",
                     refsource: "MISC",
                     url: "https://github.com/aspnet/Announcements/issues/239",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2017-0249",
      datePublished: "2017-05-12T14:00:00",
      dateReserved: "2016-09-09T00:00:00",
      dateUpdated: "2024-08-05T12:55:19.336Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

var-201705-3360
Vulnerability from variot

An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3360",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "system.net.websockets.client",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.3.0",
         },
         {
            model: "system.text.encodings.web",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.3.0",
         },
         {
            model: "system.net.http.winhttphandler",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.3.0",
         },
         {
            model: "system.net.security",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.0.0",
         },
         {
            model: "system.net.websockets.client",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.0.0",
         },
         {
            model: "system.net.security",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.3.0",
         },
         {
            model: "system.text.encodings.web",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.0.0",
         },
         {
            model: "system.net.http",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.3.1",
         },
         {
            model: "system.net.http.winhttphandler",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.0.1",
         },
         {
            model: "system.net.http",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "asp.net",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "core",
         },
         {
            model: "asp.net core",
            scope: null,
            trust: 0.6,
            vendor: "microsoft",
            version: null,
         },
         {
            model: "asp.net",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "0",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07323",
         },
         {
            db: "BID",
            id: "98118",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003294",
         },
         {
            db: "NVD",
            id: "CVE-2017-0249",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-736",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2017-0249",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Microsoft",
      sources: [
         {
            db: "BID",
            id: "98118",
         },
      ],
      trust: 0.3,
   },
   cve: "CVE-2017-0249",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 7.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2017-0249",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2017-07323",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "LOW",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  exploitabilityScore: 3.9,
                  impactScore: 3.4,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "Low",
                  baseScore: 7.3,
                  baseSeverity: "High",
                  confidentialityImpact: "Low",
                  exploitabilityScore: null,
                  id: "CVE-2017-0249",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2017-0249",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2017-07323",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201705-736",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2017-0249",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07323",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0249",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003294",
         },
         {
            db: "NVD",
            id: "CVE-2017-0249",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-736",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access",
      sources: [
         {
            db: "NVD",
            id: "CVE-2017-0249",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003294",
         },
         {
            db: "CNVD",
            id: "CNVD-2017-07323",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-736",
         },
         {
            db: "BID",
            id: "98118",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0249",
         },
      ],
      trust: 3.06,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2017-0249",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003294",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2017-07323",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-736",
            trust: 0.6,
         },
         {
            db: "BID",
            id: "98118",
            trust: 0.4,
         },
         {
            db: "VULMON",
            id: "CVE-2017-0249",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07323",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0249",
         },
         {
            db: "BID",
            id: "98118",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003294",
         },
         {
            db: "NVD",
            id: "CVE-2017-0249",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-736",
         },
      ],
   },
   id: "VAR-201705-3360",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07323",
         },
      ],
      trust: 0.81178882,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07323",
         },
      ],
   },
   last_update_date: "2023-12-18T12:44:36.871000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239",
            trust: 0.8,
            url: "https://github.com/aspnet/announcements/issues/239",
         },
         {
            title: "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/94179",
         },
         {
            title: "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70329",
         },
         {
            title: "OssIndexClient",
            trust: 0.1,
            url: "https://github.com/simoncropp/ossindexclient ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/shiftingleft/dotnet-scm-test ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/jnewman-sonatype/dotnettest ",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07323",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0249",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003294",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-736",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-20",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-003294",
         },
         {
            db: "NVD",
            id: "CVE-2017-0249",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.6,
            url: "https://github.com/aspnet/announcements/issues/239",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0249",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-0249",
         },
         {
            trust: 0.3,
            url: "http://www.microsoft.com",
         },
         {
            trust: 0.3,
            url: "https://technet.microsoft.com/library/security/4021279.aspx",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/20.html",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://www.securityfocus.com/bid/98118",
         },
         {
            trust: 0.1,
            url: "https://github.com/simoncropp/ossindexclient",
         },
         {
            trust: 0.1,
            url: "https://tools.cisco.com/security/center/viewalert.x?alertid=53814",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07323",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0249",
         },
         {
            db: "BID",
            id: "98118",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003294",
         },
         {
            db: "NVD",
            id: "CVE-2017-0249",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-736",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2017-07323",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0249",
         },
         {
            db: "BID",
            id: "98118",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003294",
         },
         {
            db: "NVD",
            id: "CVE-2017-0249",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-736",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-05-24T00:00:00",
            db: "CNVD",
            id: "CNVD-2017-07323",
         },
         {
            date: "2017-05-12T00:00:00",
            db: "VULMON",
            id: "CVE-2017-0249",
         },
         {
            date: "2017-05-10T00:00:00",
            db: "BID",
            id: "98118",
         },
         {
            date: "2017-05-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-003294",
         },
         {
            date: "2017-05-12T14:29:04.003000",
            db: "NVD",
            id: "CVE-2017-0249",
         },
         {
            date: "2017-05-18T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201705-736",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-05-24T00:00:00",
            db: "CNVD",
            id: "CNVD-2017-07323",
         },
         {
            date: "2021-06-30T00:00:00",
            db: "VULMON",
            id: "CVE-2017-0249",
         },
         {
            date: "2017-05-23T16:25:00",
            db: "BID",
            id: "98118",
         },
         {
            date: "2017-05-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-003294",
         },
         {
            date: "2021-06-30T16:54:22.617000",
            db: "NVD",
            id: "CVE-2017-0249",
         },
         {
            date: "2021-07-01T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201705-736",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201705-736",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Microsoft ASP.NET Core Input validation vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-003294",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201705-736",
         },
      ],
      trust: 0.6,
   },
}

var-201705-3358
Vulnerability from variot

A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3358",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "system.net.websockets.client",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.3.0",
         },
         {
            model: "system.text.encodings.web",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.3.0",
         },
         {
            model: "system.net.http.winhttphandler",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.3.0",
         },
         {
            model: "system.net.security",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.0.0",
         },
         {
            model: "system.net.websockets.client",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.0.0",
         },
         {
            model: "system.net.security",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.3.0",
         },
         {
            model: "system.text.encodings.web",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.0.0",
         },
         {
            model: "system.net.http",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.3.1",
         },
         {
            model: "system.net.http.winhttphandler",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.0.1",
         },
         {
            model: "system.net.http",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "4.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "asp.net",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "core",
         },
         {
            model: "asp.net core",
            scope: null,
            trust: 0.6,
            vendor: "microsoft",
            version: null,
         },
         {
            model: "asp.net",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "0",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07322",
         },
         {
            db: "BID",
            id: "98116",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003293",
         },
         {
            db: "NVD",
            id: "CVE-2017-0247",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-737",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2017-0247",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "David Fernandez of Sidertia Solutions",
      sources: [
         {
            db: "BID",
            id: "98116",
         },
      ],
      trust: 0.3,
   },
   cve: "CVE-2017-0247",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2017-0247",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  id: "CNVD-2017-07322",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  impactScore: 3.6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2017-0247",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2017-0247",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2017-07322",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201705-737",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2017-0247",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07322",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0247",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003293",
         },
         {
            db: "NVD",
            id: "CVE-2017-0247",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-737",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service",
      sources: [
         {
            db: "NVD",
            id: "CVE-2017-0247",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003293",
         },
         {
            db: "CNVD",
            id: "CNVD-2017-07322",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-737",
         },
         {
            db: "BID",
            id: "98116",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0247",
         },
      ],
      trust: 3.06,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2017-0247",
            trust: 3.4,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003293",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2017-07322",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-737",
            trust: 0.6,
         },
         {
            db: "BID",
            id: "98116",
            trust: 0.4,
         },
         {
            db: "VULMON",
            id: "CVE-2017-0247",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07322",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0247",
         },
         {
            db: "BID",
            id: "98116",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003293",
         },
         {
            db: "NVD",
            id: "CVE-2017-0247",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-737",
         },
      ],
   },
   id: "VAR-201705-3358",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07322",
         },
      ],
      trust: 0.81178882,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07322",
         },
      ],
   },
   last_update_date: "2023-12-18T12:37:26.188000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239",
            trust: 0.8,
            url: "https://github.com/aspnet/announcements/issues/239",
         },
         {
            title: "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/94177",
         },
         {
            title: "Microsoft ASP.NET Core Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70331",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/dotnet/source-build-reference-packages ",
         },
         {
            title: "OssIndexClient",
            trust: 0.1,
            url: "https://github.com/simoncropp/ossindexclient ",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07322",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0247",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003293",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-737",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-20",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-003293",
         },
         {
            db: "NVD",
            id: "CVE-2017-0247",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.6,
            url: "https://github.com/aspnet/announcements/issues/239",
         },
         {
            trust: 1.7,
            url: "https://www.sidertia.com/home/community/blog/2017/05/18/aspnet-core-unicode-non-char-encoding-dos",
         },
         {
            trust: 1.7,
            url: "https://technet.microsoft.com/en-us/library/security/4021279.aspx",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0247",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-0247",
         },
         {
            trust: 0.3,
            url: "http://www.microsoft.com",
         },
         {
            trust: 0.3,
            url: "https://technet.microsoft.com/library/security/4021279.aspx",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/20.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/dotnet/source-build-reference-packages",
         },
         {
            trust: 0.1,
            url: "https://www.securityfocus.com/bid/98116",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://github.com/simoncropp/ossindexclient",
         },
         {
            trust: 0.1,
            url: "https://tools.cisco.com/security/center/viewalert.x?alertid=53814",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-07322",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0247",
         },
         {
            db: "BID",
            id: "98116",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003293",
         },
         {
            db: "NVD",
            id: "CVE-2017-0247",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-737",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2017-07322",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0247",
         },
         {
            db: "BID",
            id: "98116",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003293",
         },
         {
            db: "NVD",
            id: "CVE-2017-0247",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-737",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-05-24T00:00:00",
            db: "CNVD",
            id: "CNVD-2017-07322",
         },
         {
            date: "2017-05-12T00:00:00",
            db: "VULMON",
            id: "CVE-2017-0247",
         },
         {
            date: "2017-05-10T00:00:00",
            db: "BID",
            id: "98116",
         },
         {
            date: "2017-05-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-003293",
         },
         {
            date: "2017-05-12T14:29:03.910000",
            db: "NVD",
            id: "CVE-2017-0247",
         },
         {
            date: "2017-05-18T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201705-737",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-05-24T00:00:00",
            db: "CNVD",
            id: "CNVD-2017-07322",
         },
         {
            date: "2021-06-30T00:00:00",
            db: "VULMON",
            id: "CVE-2017-0247",
         },
         {
            date: "2017-05-23T16:25:00",
            db: "BID",
            id: "98116",
         },
         {
            date: "2017-05-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-003293",
         },
         {
            date: "2021-06-30T16:54:22.617000",
            db: "NVD",
            id: "CVE-2017-0247",
         },
         {
            date: "2021-07-01T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201705-737",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201705-737",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Microsoft ASP.NET Core Input validation vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-003293",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201705-737",
         },
      ],
      trust: 0.6,
   },
}

var-201705-3317
Vulnerability from variot

A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to forge requests. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3317",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "system.net.websockets.client",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "4.3.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "system.text.encodings.web",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "4.3.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "system.net.http.winhttphandler",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "4.3.0",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "system.net.security",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "4.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "system.net.websockets.client",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "4.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.dataannotations",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "system.net.security",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "4.3.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.viewfeatures",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "system.text.encodings.web",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "4.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.webapicompatshim",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "microsoft.aspnetcore.mvc.taghelpers",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.3",
         },
         {
            model: "microsoft.aspnetcore.mvc.apiexplorer",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.abstractions",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "system.net.http",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "4.3.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.json",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.razor.host",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.cors",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.1",
         },
         {
            model: "asp.net model view controller",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.localization",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.0",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.1.2",
         },
         {
            model: "system.net.http.winhttphandler",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "4.0.1",
         },
         {
            model: "microsoft.aspnetcore.mvc.formatters.xml",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "1.0.2",
         },
         {
            model: "system.net.http",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "4.1.1",
         },
         {
            model: "asp.net",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "core",
         },
         {
            model: "asp.net",
            scope: null,
            trust: 0.6,
            vendor: "microsoft",
            version: null,
         },
         {
            model: "asp.net",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "0",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-08173",
         },
         {
            db: "BID",
            id: "98290",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003295",
         },
         {
            db: "NVD",
            id: "CVE-2017-0256",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-735",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2017-0256",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Mikhail Shcherbakov",
      sources: [
         {
            db: "BID",
            id: "98290",
         },
      ],
      trust: 0.3,
   },
   cve: "CVE-2017-0256",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2017-0256",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  id: "CNVD-2017-08173",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  impactScore: 1.4,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.3,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2017-0256",
                  impactScore: null,
                  integrityImpact: "Low",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2017-0256",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2017-08173",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201705-735",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2017-0256",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-08173",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0256",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003295",
         },
         {
            db: "NVD",
            id: "CVE-2017-0256",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-735",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to forge requests. \nAn attacker can exploit this issue to conduct  spoofing attacks and perform unauthorized actions; other attacks are  also possible",
      sources: [
         {
            db: "NVD",
            id: "CVE-2017-0256",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003295",
         },
         {
            db: "CNVD",
            id: "CNVD-2017-08173",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-735",
         },
         {
            db: "BID",
            id: "98290",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0256",
         },
      ],
      trust: 3.06,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2017-0256",
            trust: 3.4,
         },
         {
            db: "BID",
            id: "98290",
            trust: 1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003295",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2017-08173",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-735",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2017-0256",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-08173",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0256",
         },
         {
            db: "BID",
            id: "98290",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003295",
         },
         {
            db: "NVD",
            id: "CVE-2017-0256",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-735",
         },
      ],
   },
   id: "VAR-201705-3317",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-08173",
         },
      ],
      trust: 0.06,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "IoT",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-08173",
         },
      ],
   },
   last_update_date: "2023-12-18T13:24:27.044000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239",
            trust: 0.8,
            url: "https://github.com/aspnet/announcements/issues/239",
         },
         {
            title: "Patch for Microsoft ASP.NET Core Spoofing Vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/94465",
         },
         {
            title: "Microsoft ASP.NET Core Security vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70330",
         },
         {
            title: "OssIndexClient",
            trust: 0.1,
            url: "https://github.com/simoncropp/ossindexclient ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/shiftingleft/dotnet-scm-test ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/jnewman-sonatype/dotnettest ",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-08173",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0256",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003295",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-735",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-20",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-003295",
         },
         {
            db: "NVD",
            id: "CVE-2017-0256",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.6,
            url: "https://github.com/aspnet/announcements/issues/239",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0256",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2017-0256",
         },
         {
            trust: 0.3,
            url: "http://www.microsoft.com",
         },
         {
            trust: 0.3,
            url: "https://technet.microsoft.com/library/security/4021279.aspx",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/20.html",
         },
         {
            trust: 0.1,
            url: "https://www.securityfocus.com/bid/98290",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://github.com/simoncropp/ossindexclient",
         },
         {
            trust: 0.1,
            url: "https://tools.cisco.com/security/center/viewalert.x?alertid=53814",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2017-08173",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0256",
         },
         {
            db: "BID",
            id: "98290",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003295",
         },
         {
            db: "NVD",
            id: "CVE-2017-0256",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-735",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2017-08173",
         },
         {
            db: "VULMON",
            id: "CVE-2017-0256",
         },
         {
            db: "BID",
            id: "98290",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2017-003295",
         },
         {
            db: "NVD",
            id: "CVE-2017-0256",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201705-735",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-06-05T00:00:00",
            db: "CNVD",
            id: "CNVD-2017-08173",
         },
         {
            date: "2017-05-12T00:00:00",
            db: "VULMON",
            id: "CVE-2017-0256",
         },
         {
            date: "2017-05-10T00:00:00",
            db: "BID",
            id: "98290",
         },
         {
            date: "2017-05-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-003295",
         },
         {
            date: "2017-05-12T14:29:04.457000",
            db: "NVD",
            id: "CVE-2017-0256",
         },
         {
            date: "2017-05-22T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201705-735",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2017-06-05T00:00:00",
            db: "CNVD",
            id: "CNVD-2017-08173",
         },
         {
            date: "2021-06-30T00:00:00",
            db: "VULMON",
            id: "CVE-2017-0256",
         },
         {
            date: "2017-05-23T16:25:00",
            db: "BID",
            id: "98290",
         },
         {
            date: "2017-05-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2017-003295",
         },
         {
            date: "2021-06-30T16:54:22.617000",
            db: "NVD",
            id: "CVE-2017-0256",
         },
         {
            date: "2021-07-01T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201705-735",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201705-735",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Microsoft ASP.NET Core Input validation vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2017-003295",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201705-735",
         },
      ],
      trust: 0.6,
   },
}

Vulnerability from fkie_nvd
Published
2017-05-12 14:29
Modified
2024-11-21 03:02
Summary
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
References
Impacted products
Vendor Product Version
microsoft asp.net_model_view_controller 1.0.0
microsoft asp.net_model_view_controller 1.0.1
microsoft asp.net_model_view_controller 1.0.2
microsoft asp.net_model_view_controller 1.0.3
microsoft asp.net_model_view_controller 1.1.0
microsoft asp.net_model_view_controller 1.1.1
microsoft asp.net_model_view_controller 1.1.2
microsoft microsoft.aspnetcore.mvc.abstractions 1.0.0
microsoft microsoft.aspnetcore.mvc.abstractions 1.0.1
microsoft microsoft.aspnetcore.mvc.abstractions 1.0.2
microsoft microsoft.aspnetcore.mvc.abstractions 1.0.3
microsoft microsoft.aspnetcore.mvc.abstractions 1.1.0
microsoft microsoft.aspnetcore.mvc.abstractions 1.1.1
microsoft microsoft.aspnetcore.mvc.abstractions 1.1.2
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.0.0
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.0.1
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.0.2
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.0.3
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.1.0
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.1.1
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.1.2
microsoft microsoft.aspnetcore.mvc.cors 1.0.0
microsoft microsoft.aspnetcore.mvc.cors 1.0.1
microsoft microsoft.aspnetcore.mvc.cors 1.0.2
microsoft microsoft.aspnetcore.mvc.cors 1.0.3
microsoft microsoft.aspnetcore.mvc.cors 1.1.0
microsoft microsoft.aspnetcore.mvc.cors 1.1.1
microsoft microsoft.aspnetcore.mvc.cors 1.1.2
microsoft microsoft.aspnetcore.mvc.dataannotations 1.0.0
microsoft microsoft.aspnetcore.mvc.dataannotations 1.0.1
microsoft microsoft.aspnetcore.mvc.dataannotations 1.0.2
microsoft microsoft.aspnetcore.mvc.dataannotations 1.0.3
microsoft microsoft.aspnetcore.mvc.dataannotations 1.1.0
microsoft microsoft.aspnetcore.mvc.dataannotations 1.1.1
microsoft microsoft.aspnetcore.mvc.dataannotations 1.1.2
microsoft microsoft.aspnetcore.mvc.formatters.json 1.0.0
microsoft microsoft.aspnetcore.mvc.formatters.json 1.0.1
microsoft microsoft.aspnetcore.mvc.formatters.json 1.0.2
microsoft microsoft.aspnetcore.mvc.formatters.json 1.0.3
microsoft microsoft.aspnetcore.mvc.formatters.json 1.1.0
microsoft microsoft.aspnetcore.mvc.formatters.json 1.1.1
microsoft microsoft.aspnetcore.mvc.formatters.json 1.1.2
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.0.0
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.0.1
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.0.2
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.0.3
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.1.0
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.1.1
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.1.2
microsoft microsoft.aspnetcore.mvc.localization 1.0.0
microsoft microsoft.aspnetcore.mvc.localization 1.0.1
microsoft microsoft.aspnetcore.mvc.localization 1.0.2
microsoft microsoft.aspnetcore.mvc.localization 1.0.3
microsoft microsoft.aspnetcore.mvc.localization 1.1.0
microsoft microsoft.aspnetcore.mvc.localization 1.1.1
microsoft microsoft.aspnetcore.mvc.localization 1.1.2
microsoft microsoft.aspnetcore.mvc.razor 1.0.0
microsoft microsoft.aspnetcore.mvc.razor 1.0.1
microsoft microsoft.aspnetcore.mvc.razor 1.0.2
microsoft microsoft.aspnetcore.mvc.razor 1.0.3
microsoft microsoft.aspnetcore.mvc.razor 1.1.0
microsoft microsoft.aspnetcore.mvc.razor 1.1.1
microsoft microsoft.aspnetcore.mvc.razor 1.1.2
microsoft microsoft.aspnetcore.mvc.razor.host 1.0.0
microsoft microsoft.aspnetcore.mvc.razor.host 1.0.1
microsoft microsoft.aspnetcore.mvc.razor.host 1.0.2
microsoft microsoft.aspnetcore.mvc.razor.host 1.0.3
microsoft microsoft.aspnetcore.mvc.razor.host 1.1.0
microsoft microsoft.aspnetcore.mvc.razor.host 1.1.1
microsoft microsoft.aspnetcore.mvc.razor.host 1.1.2
microsoft microsoft.aspnetcore.mvc.taghelpers 1.0.0
microsoft microsoft.aspnetcore.mvc.taghelpers 1.0.1
microsoft microsoft.aspnetcore.mvc.taghelpers 1.0.2
microsoft microsoft.aspnetcore.mvc.taghelpers 1.0.3
microsoft microsoft.aspnetcore.mvc.taghelpers 1.1.0
microsoft microsoft.aspnetcore.mvc.taghelpers 1.1.1
microsoft microsoft.aspnetcore.mvc.taghelpers 1.1.2
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.0.0
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.0.1
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.0.2
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.0.3
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.1.0
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.1.1
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.1.2
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.0.0
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.0.1
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.0.2
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.0.3
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.1.0
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.1.1
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.1.2
microsoft system.net.http 4.1.1
microsoft system.net.http 4.3.1
microsoft system.net.http.winhttphandler 4.0.1
microsoft system.net.http.winhttphandler 4.3.0
microsoft system.net.security 4.0.0
microsoft system.net.security 4.3.0
microsoft system.net.websockets.client 4.0.0
microsoft system.net.websockets.client 4.3.0
microsoft system.text.encodings.web 4.0.0
microsoft system.text.encodings.web 4.3.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72D49ACA-0755-425C-9162-8D40D7AADDC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAB52597-3458-4816-8432-7948CA21B8C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "86207D1B-AE1B-4826-B07A-75815A5ED06B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E96E6585-EA7C-47A7-B6EF-9926758E90DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "292C4DAD-1CBB-41DF-9E45-F8D594C03097",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "BC76DD26-1A09-419D-9156-16042FF7D508",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "2A701C76-6AC7-4230-B0C5-9CD91010349C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "6E801676-656E-43F6-8C4E-EE0BD5EAF23E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "DE818227-C9F3-49BA-80D1-FA49FA46B8BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B7E8D173-9F85-4796-8A97-A77A531A3C79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "893BD886-23DC-41E9-9DD1-C367F1638CFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "2F9CCC49-348F-44A3-8412-17B689B0B0B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "40ACE580-63FC-44A6-A1A3-19113BCF96B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "3A31726B-E001-4568-9538-150C438D4D82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "22473819-A864-4568-BB4F-B1B61D6BE768",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "25F6E532-9282-4444-BE83-1D4254B78E98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "3D3B725F-E01E-4B44-B6FE-D384CB081880",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "CD9CA7E6-4622-48CE-87DD-43850E6A3D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "9F0BE208-E908-4D55-ABC0-01899A7BCF3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "BEB9143D-39A5-4A1A-8CF6-50A234476914",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "784D8767-E542-4BEA-AC04-190EB86ACE44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B051C0F9-2D90-4F21-A4A3-49E52E4580F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "24849B2C-4475-4F63-99F8-D63AC7455AFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E53251EE-7C63-4597-817D-E0E046D45E7D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "C4B607A3-3637-4785-A7FA-074B370B57A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "10769FE6-90C1-41EF-B59C-2DF602798AA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "9F2FF0F8-0447-442F-99C7-AAE364942263",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "82A352B2-00B5-40EB-A053-3871999FF549",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "1CBD8554-F155-4265-9ABA-27F2CFDB6645",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "1D0612F5-8621-4FEB-B84D-6116CD92C671",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "D917236C-B53D-454C-9FCD-4D0F48849C8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "32B849F2-CD4B-45DB-86DD-77248ED82C56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "5A08EDE3-035D-4A4F-AF2A-FDFC02264841",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "28A15818-8AB8-4253-9D82-D968B05D4416",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "C59BDECB-3184-4BE3-91B5-4703170D6E72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "F861A072-D917-4BF5-99D3-3C9AD99A70EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "79F08C0E-5A28-4A8D-9987-CC273A38CDB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "F8A9187E-AAF3-4186-9014-13D304463F44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "19022A88-C140-4C64-8BAD-43CE0E448D78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "36170C72-162C-44F1-8291-DCF12AAC3D06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "97E0DE96-A8CA-4395-8955-3223754A7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "95D892B0-08CD-479B-8DBA-2E296A2139EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "16E5978D-49B7-4948-A57F-D0903CC2726B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "175E800A-6295-4EDD-AD76-AED50C4ED29F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "DD429092-758C-40E2-9B62-552062DE5C99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "4B124905-C4EB-4943-BF9D-97DD9C63C773",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "F1382D94-3442-4770-99BC-A803DB7D99CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "72682900-3DEA-43E8-9E60-04D8AA575353",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "2614708B-D88A-45D1-989A-EC1F18B2ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "48101840-E58F-4E2D-BA2D-8D07F76E1EB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "56285B40-74FB-4AE4-9998-09D3CC2FA76B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "4322AC03-A133-4778-A2F1-AD509764BB00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E4779EAE-28C3-454F-853C-45D7A4B264BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "34EB1A01-873A-4395-84D9-B048E2E12A43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "389FB05C-C41F-4162-B868-472A6FEE18BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "944C87F4-591A-46A3-A6BE-68CF070D2557",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "6A5CA6EF-184A-4D35-A430-8D708041C139",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "7264CABF-8603-445F-8728-A53575239BC7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "776B722D-0DA6-4994-9323-06165E562489",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "77A16675-CD3A-427B-888E-B1D8A51189AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B28A24AD-C225-45B3-8156-5A8107A7073C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "22B75008-7F05-4923-88D9-0D6619568C8E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "C4A5D3CC-282D-484F-99E3-5D087F759C4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "8799CB21-5F98-4368-A1BC-2746438757CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B4315F2E-5272-4D09-80AF-A65AE52E37CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "9CCD4355-CE24-4F14-A348-BB76470E4DC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "79D7994A-ABDF-4F02-841D-B082917CA9F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "7B33EFE6-68BB-46FD-834D-B767641E1AC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "71FFFD6C-1243-480F-874E-3548EED2D471",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "76906A3F-9A22-453F-BCCF-35C248E6788C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E7A176BB-A188-44A9-9E52-D385B13D328F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "DF881FCD-8E4C-47AC-ABED-05F805D3DED8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "06C3E2C7-C113-4224-8F4F-3BDD3B800B04",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "F376D1B3-5801-4BC3-B060-39DC928A9838",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "0ACC7FBF-34A3-4A95-A7B0-396AB194976A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "AA8408AC-5380-4C77-BA49-C236F0CBB51F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.",
      },
      {
         lang: "es",
         value: "Existe una vulnerabilidad de elevación de privilegios cuando el ASP.NET Core falla al desinfectar adecuadamente las solicitudes web.",
      },
   ],
   id: "CVE-2017-0249",
   lastModified: "2024-11-21T03:02:37.610",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 7.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-05-12T14:29:04.003",
   references: [
      {
         source: "secure@microsoft.com",
         tags: [
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://github.com/aspnet/Announcements/issues/239",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://github.com/aspnet/Announcements/issues/239",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-05-12 14:29
Modified
2024-11-21 03:02
Summary
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
References
Impacted products
Vendor Product Version
microsoft asp.net_model_view_controller 1.0.0
microsoft asp.net_model_view_controller 1.0.1
microsoft asp.net_model_view_controller 1.0.2
microsoft asp.net_model_view_controller 1.0.3
microsoft asp.net_model_view_controller 1.1.0
microsoft asp.net_model_view_controller 1.1.1
microsoft asp.net_model_view_controller 1.1.2
microsoft microsoft.aspnetcore.mvc.abstractions 1.0.0
microsoft microsoft.aspnetcore.mvc.abstractions 1.0.1
microsoft microsoft.aspnetcore.mvc.abstractions 1.0.2
microsoft microsoft.aspnetcore.mvc.abstractions 1.0.3
microsoft microsoft.aspnetcore.mvc.abstractions 1.1.0
microsoft microsoft.aspnetcore.mvc.abstractions 1.1.1
microsoft microsoft.aspnetcore.mvc.abstractions 1.1.2
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.0.0
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.0.1
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.0.2
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.0.3
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.1.0
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.1.1
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.1.2
microsoft microsoft.aspnetcore.mvc.cors 1.0.0
microsoft microsoft.aspnetcore.mvc.cors 1.0.1
microsoft microsoft.aspnetcore.mvc.cors 1.0.2
microsoft microsoft.aspnetcore.mvc.cors 1.0.3
microsoft microsoft.aspnetcore.mvc.cors 1.1.0
microsoft microsoft.aspnetcore.mvc.cors 1.1.1
microsoft microsoft.aspnetcore.mvc.cors 1.1.2
microsoft microsoft.aspnetcore.mvc.dataannotations 1.0.0
microsoft microsoft.aspnetcore.mvc.dataannotations 1.0.1
microsoft microsoft.aspnetcore.mvc.dataannotations 1.0.2
microsoft microsoft.aspnetcore.mvc.dataannotations 1.0.3
microsoft microsoft.aspnetcore.mvc.dataannotations 1.1.0
microsoft microsoft.aspnetcore.mvc.dataannotations 1.1.1
microsoft microsoft.aspnetcore.mvc.dataannotations 1.1.2
microsoft microsoft.aspnetcore.mvc.formatters.json 1.0.0
microsoft microsoft.aspnetcore.mvc.formatters.json 1.0.1
microsoft microsoft.aspnetcore.mvc.formatters.json 1.0.2
microsoft microsoft.aspnetcore.mvc.formatters.json 1.0.3
microsoft microsoft.aspnetcore.mvc.formatters.json 1.1.0
microsoft microsoft.aspnetcore.mvc.formatters.json 1.1.1
microsoft microsoft.aspnetcore.mvc.formatters.json 1.1.2
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.0.0
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.0.1
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.0.2
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.0.3
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.1.0
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.1.1
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.1.2
microsoft microsoft.aspnetcore.mvc.localization 1.0.0
microsoft microsoft.aspnetcore.mvc.localization 1.0.1
microsoft microsoft.aspnetcore.mvc.localization 1.0.2
microsoft microsoft.aspnetcore.mvc.localization 1.0.3
microsoft microsoft.aspnetcore.mvc.localization 1.1.0
microsoft microsoft.aspnetcore.mvc.localization 1.1.1
microsoft microsoft.aspnetcore.mvc.localization 1.1.2
microsoft microsoft.aspnetcore.mvc.razor 1.0.0
microsoft microsoft.aspnetcore.mvc.razor 1.0.1
microsoft microsoft.aspnetcore.mvc.razor 1.0.2
microsoft microsoft.aspnetcore.mvc.razor 1.0.3
microsoft microsoft.aspnetcore.mvc.razor 1.1.0
microsoft microsoft.aspnetcore.mvc.razor 1.1.1
microsoft microsoft.aspnetcore.mvc.razor 1.1.2
microsoft microsoft.aspnetcore.mvc.razor.host 1.0.0
microsoft microsoft.aspnetcore.mvc.razor.host 1.0.1
microsoft microsoft.aspnetcore.mvc.razor.host 1.0.2
microsoft microsoft.aspnetcore.mvc.razor.host 1.0.3
microsoft microsoft.aspnetcore.mvc.razor.host 1.1.0
microsoft microsoft.aspnetcore.mvc.razor.host 1.1.1
microsoft microsoft.aspnetcore.mvc.razor.host 1.1.2
microsoft microsoft.aspnetcore.mvc.taghelpers 1.0.0
microsoft microsoft.aspnetcore.mvc.taghelpers 1.0.1
microsoft microsoft.aspnetcore.mvc.taghelpers 1.0.2
microsoft microsoft.aspnetcore.mvc.taghelpers 1.0.3
microsoft microsoft.aspnetcore.mvc.taghelpers 1.1.0
microsoft microsoft.aspnetcore.mvc.taghelpers 1.1.1
microsoft microsoft.aspnetcore.mvc.taghelpers 1.1.2
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.0.0
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.0.1
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.0.2
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.0.3
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.1.0
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.1.1
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.1.2
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.0.0
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.0.1
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.0.2
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.0.3
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.1.0
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.1.1
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.1.2
microsoft system.net.http 4.1.1
microsoft system.net.http 4.3.1
microsoft system.net.http.winhttphandler 4.0.1
microsoft system.net.http.winhttphandler 4.3.0
microsoft system.net.security 4.0.0
microsoft system.net.security 4.3.0
microsoft system.net.websockets.client 4.0.0
microsoft system.net.websockets.client 4.3.0
microsoft system.text.encodings.web 4.0.0
microsoft system.text.encodings.web 4.3.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72D49ACA-0755-425C-9162-8D40D7AADDC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAB52597-3458-4816-8432-7948CA21B8C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "86207D1B-AE1B-4826-B07A-75815A5ED06B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E96E6585-EA7C-47A7-B6EF-9926758E90DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "292C4DAD-1CBB-41DF-9E45-F8D594C03097",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "BC76DD26-1A09-419D-9156-16042FF7D508",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "2A701C76-6AC7-4230-B0C5-9CD91010349C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "6E801676-656E-43F6-8C4E-EE0BD5EAF23E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "DE818227-C9F3-49BA-80D1-FA49FA46B8BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B7E8D173-9F85-4796-8A97-A77A531A3C79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "893BD886-23DC-41E9-9DD1-C367F1638CFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "2F9CCC49-348F-44A3-8412-17B689B0B0B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "40ACE580-63FC-44A6-A1A3-19113BCF96B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "3A31726B-E001-4568-9538-150C438D4D82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "22473819-A864-4568-BB4F-B1B61D6BE768",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "25F6E532-9282-4444-BE83-1D4254B78E98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "3D3B725F-E01E-4B44-B6FE-D384CB081880",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "CD9CA7E6-4622-48CE-87DD-43850E6A3D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "9F0BE208-E908-4D55-ABC0-01899A7BCF3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "BEB9143D-39A5-4A1A-8CF6-50A234476914",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "784D8767-E542-4BEA-AC04-190EB86ACE44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B051C0F9-2D90-4F21-A4A3-49E52E4580F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "24849B2C-4475-4F63-99F8-D63AC7455AFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E53251EE-7C63-4597-817D-E0E046D45E7D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "C4B607A3-3637-4785-A7FA-074B370B57A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "10769FE6-90C1-41EF-B59C-2DF602798AA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "9F2FF0F8-0447-442F-99C7-AAE364942263",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "82A352B2-00B5-40EB-A053-3871999FF549",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "1CBD8554-F155-4265-9ABA-27F2CFDB6645",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "1D0612F5-8621-4FEB-B84D-6116CD92C671",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "D917236C-B53D-454C-9FCD-4D0F48849C8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "32B849F2-CD4B-45DB-86DD-77248ED82C56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "5A08EDE3-035D-4A4F-AF2A-FDFC02264841",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "28A15818-8AB8-4253-9D82-D968B05D4416",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "C59BDECB-3184-4BE3-91B5-4703170D6E72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "F861A072-D917-4BF5-99D3-3C9AD99A70EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "79F08C0E-5A28-4A8D-9987-CC273A38CDB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "F8A9187E-AAF3-4186-9014-13D304463F44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "19022A88-C140-4C64-8BAD-43CE0E448D78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "36170C72-162C-44F1-8291-DCF12AAC3D06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "97E0DE96-A8CA-4395-8955-3223754A7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "95D892B0-08CD-479B-8DBA-2E296A2139EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "16E5978D-49B7-4948-A57F-D0903CC2726B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "175E800A-6295-4EDD-AD76-AED50C4ED29F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "DD429092-758C-40E2-9B62-552062DE5C99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "4B124905-C4EB-4943-BF9D-97DD9C63C773",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "F1382D94-3442-4770-99BC-A803DB7D99CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "72682900-3DEA-43E8-9E60-04D8AA575353",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "2614708B-D88A-45D1-989A-EC1F18B2ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "48101840-E58F-4E2D-BA2D-8D07F76E1EB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "56285B40-74FB-4AE4-9998-09D3CC2FA76B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "4322AC03-A133-4778-A2F1-AD509764BB00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E4779EAE-28C3-454F-853C-45D7A4B264BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "34EB1A01-873A-4395-84D9-B048E2E12A43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "389FB05C-C41F-4162-B868-472A6FEE18BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "944C87F4-591A-46A3-A6BE-68CF070D2557",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "6A5CA6EF-184A-4D35-A430-8D708041C139",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "7264CABF-8603-445F-8728-A53575239BC7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "776B722D-0DA6-4994-9323-06165E562489",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "77A16675-CD3A-427B-888E-B1D8A51189AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B28A24AD-C225-45B3-8156-5A8107A7073C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "22B75008-7F05-4923-88D9-0D6619568C8E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "C4A5D3CC-282D-484F-99E3-5D087F759C4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "8799CB21-5F98-4368-A1BC-2746438757CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B4315F2E-5272-4D09-80AF-A65AE52E37CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "9CCD4355-CE24-4F14-A348-BB76470E4DC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "79D7994A-ABDF-4F02-841D-B082917CA9F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "7B33EFE6-68BB-46FD-834D-B767641E1AC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "71FFFD6C-1243-480F-874E-3548EED2D471",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "76906A3F-9A22-453F-BCCF-35C248E6788C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E7A176BB-A188-44A9-9E52-D385B13D328F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "DF881FCD-8E4C-47AC-ABED-05F805D3DED8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "06C3E2C7-C113-4224-8F4F-3BDD3B800B04",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "F376D1B3-5801-4BC3-B060-39DC928A9838",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "0ACC7FBF-34A3-4A95-A7B0-396AB194976A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "AA8408AC-5380-4C77-BA49-C236F0CBB51F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.",
      },
      {
         lang: "es",
         value: "Se presenta una vulnerabilidad de suplantación de identidad cuando el Core de ASP.NET no puede sanear apropiadamente las peticiones web.",
      },
   ],
   id: "CVE-2017-0256",
   lastModified: "2024-11-21T03:02:38.197",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-05-12T14:29:04.457",
   references: [
      {
         source: "secure@microsoft.com",
         tags: [
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://github.com/aspnet/Announcements/issues/239",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://github.com/aspnet/Announcements/issues/239",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-05-12 14:29
Modified
2024-11-21 03:02
Summary
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.
Impacted products
Vendor Product Version
microsoft asp.net_model_view_controller 1.0.0
microsoft asp.net_model_view_controller 1.0.1
microsoft asp.net_model_view_controller 1.0.2
microsoft asp.net_model_view_controller 1.0.3
microsoft asp.net_model_view_controller 1.1.0
microsoft asp.net_model_view_controller 1.1.1
microsoft asp.net_model_view_controller 1.1.2
microsoft microsoft.aspnetcore.mvc.abstractions 1.0.0
microsoft microsoft.aspnetcore.mvc.abstractions 1.0.1
microsoft microsoft.aspnetcore.mvc.abstractions 1.0.2
microsoft microsoft.aspnetcore.mvc.abstractions 1.0.3
microsoft microsoft.aspnetcore.mvc.abstractions 1.1.0
microsoft microsoft.aspnetcore.mvc.abstractions 1.1.1
microsoft microsoft.aspnetcore.mvc.abstractions 1.1.2
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.0.0
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.0.1
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.0.2
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.0.3
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.1.0
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.1.1
microsoft microsoft.aspnetcore.mvc.apiexplorer 1.1.2
microsoft microsoft.aspnetcore.mvc.cors 1.0.0
microsoft microsoft.aspnetcore.mvc.cors 1.0.1
microsoft microsoft.aspnetcore.mvc.cors 1.0.2
microsoft microsoft.aspnetcore.mvc.cors 1.0.3
microsoft microsoft.aspnetcore.mvc.cors 1.1.0
microsoft microsoft.aspnetcore.mvc.cors 1.1.1
microsoft microsoft.aspnetcore.mvc.cors 1.1.2
microsoft microsoft.aspnetcore.mvc.dataannotations 1.0.0
microsoft microsoft.aspnetcore.mvc.dataannotations 1.0.1
microsoft microsoft.aspnetcore.mvc.dataannotations 1.0.2
microsoft microsoft.aspnetcore.mvc.dataannotations 1.0.3
microsoft microsoft.aspnetcore.mvc.dataannotations 1.1.0
microsoft microsoft.aspnetcore.mvc.dataannotations 1.1.1
microsoft microsoft.aspnetcore.mvc.dataannotations 1.1.2
microsoft microsoft.aspnetcore.mvc.formatters.json 1.0.0
microsoft microsoft.aspnetcore.mvc.formatters.json 1.0.1
microsoft microsoft.aspnetcore.mvc.formatters.json 1.0.2
microsoft microsoft.aspnetcore.mvc.formatters.json 1.0.3
microsoft microsoft.aspnetcore.mvc.formatters.json 1.1.0
microsoft microsoft.aspnetcore.mvc.formatters.json 1.1.1
microsoft microsoft.aspnetcore.mvc.formatters.json 1.1.2
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.0.0
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.0.1
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.0.2
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.0.3
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.1.0
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.1.1
microsoft microsoft.aspnetcore.mvc.formatters.xml 1.1.2
microsoft microsoft.aspnetcore.mvc.localization 1.0.0
microsoft microsoft.aspnetcore.mvc.localization 1.0.1
microsoft microsoft.aspnetcore.mvc.localization 1.0.2
microsoft microsoft.aspnetcore.mvc.localization 1.0.3
microsoft microsoft.aspnetcore.mvc.localization 1.1.0
microsoft microsoft.aspnetcore.mvc.localization 1.1.1
microsoft microsoft.aspnetcore.mvc.localization 1.1.2
microsoft microsoft.aspnetcore.mvc.razor 1.0.0
microsoft microsoft.aspnetcore.mvc.razor 1.0.1
microsoft microsoft.aspnetcore.mvc.razor 1.0.2
microsoft microsoft.aspnetcore.mvc.razor 1.0.3
microsoft microsoft.aspnetcore.mvc.razor 1.1.0
microsoft microsoft.aspnetcore.mvc.razor 1.1.1
microsoft microsoft.aspnetcore.mvc.razor 1.1.2
microsoft microsoft.aspnetcore.mvc.razor.host 1.0.0
microsoft microsoft.aspnetcore.mvc.razor.host 1.0.1
microsoft microsoft.aspnetcore.mvc.razor.host 1.0.2
microsoft microsoft.aspnetcore.mvc.razor.host 1.0.3
microsoft microsoft.aspnetcore.mvc.razor.host 1.1.0
microsoft microsoft.aspnetcore.mvc.razor.host 1.1.1
microsoft microsoft.aspnetcore.mvc.razor.host 1.1.2
microsoft microsoft.aspnetcore.mvc.taghelpers 1.0.0
microsoft microsoft.aspnetcore.mvc.taghelpers 1.0.1
microsoft microsoft.aspnetcore.mvc.taghelpers 1.0.2
microsoft microsoft.aspnetcore.mvc.taghelpers 1.0.3
microsoft microsoft.aspnetcore.mvc.taghelpers 1.1.0
microsoft microsoft.aspnetcore.mvc.taghelpers 1.1.1
microsoft microsoft.aspnetcore.mvc.taghelpers 1.1.2
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.0.0
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.0.1
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.0.2
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.0.3
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.1.0
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.1.1
microsoft microsoft.aspnetcore.mvc.viewfeatures 1.1.2
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.0.0
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.0.1
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.0.2
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.0.3
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.1.0
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.1.1
microsoft microsoft.aspnetcore.mvc.webapicompatshim 1.1.2
microsoft system.net.http 4.1.1
microsoft system.net.http 4.3.1
microsoft system.net.http.winhttphandler 4.0.1
microsoft system.net.http.winhttphandler 4.3.0
microsoft system.net.security 4.0.0
microsoft system.net.security 4.3.0
microsoft system.net.websockets.client 4.0.0
microsoft system.net.websockets.client 4.3.0
microsoft system.text.encodings.web 4.0.0
microsoft system.text.encodings.web 4.3.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72D49ACA-0755-425C-9162-8D40D7AADDC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAB52597-3458-4816-8432-7948CA21B8C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "86207D1B-AE1B-4826-B07A-75815A5ED06B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E96E6585-EA7C-47A7-B6EF-9926758E90DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "292C4DAD-1CBB-41DF-9E45-F8D594C03097",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "BC76DD26-1A09-419D-9156-16042FF7D508",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "2A701C76-6AC7-4230-B0C5-9CD91010349C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "6E801676-656E-43F6-8C4E-EE0BD5EAF23E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "DE818227-C9F3-49BA-80D1-FA49FA46B8BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B7E8D173-9F85-4796-8A97-A77A531A3C79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "893BD886-23DC-41E9-9DD1-C367F1638CFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "2F9CCC49-348F-44A3-8412-17B689B0B0B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "40ACE580-63FC-44A6-A1A3-19113BCF96B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "3A31726B-E001-4568-9538-150C438D4D82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "22473819-A864-4568-BB4F-B1B61D6BE768",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "25F6E532-9282-4444-BE83-1D4254B78E98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "3D3B725F-E01E-4B44-B6FE-D384CB081880",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "CD9CA7E6-4622-48CE-87DD-43850E6A3D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "9F0BE208-E908-4D55-ABC0-01899A7BCF3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "BEB9143D-39A5-4A1A-8CF6-50A234476914",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "784D8767-E542-4BEA-AC04-190EB86ACE44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B051C0F9-2D90-4F21-A4A3-49E52E4580F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "24849B2C-4475-4F63-99F8-D63AC7455AFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E53251EE-7C63-4597-817D-E0E046D45E7D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "C4B607A3-3637-4785-A7FA-074B370B57A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "10769FE6-90C1-41EF-B59C-2DF602798AA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "9F2FF0F8-0447-442F-99C7-AAE364942263",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "82A352B2-00B5-40EB-A053-3871999FF549",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "1CBD8554-F155-4265-9ABA-27F2CFDB6645",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "1D0612F5-8621-4FEB-B84D-6116CD92C671",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "D917236C-B53D-454C-9FCD-4D0F48849C8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "32B849F2-CD4B-45DB-86DD-77248ED82C56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "5A08EDE3-035D-4A4F-AF2A-FDFC02264841",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "28A15818-8AB8-4253-9D82-D968B05D4416",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "C59BDECB-3184-4BE3-91B5-4703170D6E72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "F861A072-D917-4BF5-99D3-3C9AD99A70EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "79F08C0E-5A28-4A8D-9987-CC273A38CDB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "F8A9187E-AAF3-4186-9014-13D304463F44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "19022A88-C140-4C64-8BAD-43CE0E448D78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "36170C72-162C-44F1-8291-DCF12AAC3D06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "97E0DE96-A8CA-4395-8955-3223754A7678",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "95D892B0-08CD-479B-8DBA-2E296A2139EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "16E5978D-49B7-4948-A57F-D0903CC2726B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "175E800A-6295-4EDD-AD76-AED50C4ED29F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "DD429092-758C-40E2-9B62-552062DE5C99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "4B124905-C4EB-4943-BF9D-97DD9C63C773",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "F1382D94-3442-4770-99BC-A803DB7D99CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "72682900-3DEA-43E8-9E60-04D8AA575353",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "2614708B-D88A-45D1-989A-EC1F18B2ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "48101840-E58F-4E2D-BA2D-8D07F76E1EB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "56285B40-74FB-4AE4-9998-09D3CC2FA76B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "4322AC03-A133-4778-A2F1-AD509764BB00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E4779EAE-28C3-454F-853C-45D7A4B264BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "34EB1A01-873A-4395-84D9-B048E2E12A43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "389FB05C-C41F-4162-B868-472A6FEE18BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "944C87F4-591A-46A3-A6BE-68CF070D2557",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "6A5CA6EF-184A-4D35-A430-8D708041C139",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "7264CABF-8603-445F-8728-A53575239BC7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "776B722D-0DA6-4994-9323-06165E562489",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "77A16675-CD3A-427B-888E-B1D8A51189AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B28A24AD-C225-45B3-8156-5A8107A7073C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "22B75008-7F05-4923-88D9-0D6619568C8E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "C4A5D3CC-282D-484F-99E3-5D087F759C4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "8799CB21-5F98-4368-A1BC-2746438757CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "B4315F2E-5272-4D09-80AF-A65AE52E37CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "9CCD4355-CE24-4F14-A348-BB76470E4DC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "79D7994A-ABDF-4F02-841D-B082917CA9F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "7B33EFE6-68BB-46FD-834D-B767641E1AC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "71FFFD6C-1243-480F-874E-3548EED2D471",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "76906A3F-9A22-453F-BCCF-35C248E6788C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E7A176BB-A188-44A9-9E52-D385B13D328F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "DF881FCD-8E4C-47AC-ABED-05F805D3DED8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "06C3E2C7-C113-4224-8F4F-3BDD3B800B04",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "F376D1B3-5801-4BC3-B060-39DC928A9838",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "0ACC7FBF-34A3-4A95-A7B0-396AB194976A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "AA8408AC-5380-4C77-BA49-C236F0CBB51F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
                     matchCriteriaId: "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.",
      },
      {
         lang: "es",
         value: "Se presenta una vulnerabilidad de denegación de servicio cuando el Core de ASP.NET no puede comprobar apropiadamente las peticiones web. NOTA: Microsoft no ha comentado en reclamos de terceros de que el problema es que la función TextEncoder.EncodeCore en el paquete System.Text.Encodings.Web en ASP.NET Core Mvc versiones anteriores a 1.0.4 y versiones 1.1.x anteriores a  1.1.3 permite a los atacantes remotos causar una denegación de servicio aprovechando un fallo en calcular apropiadamente la longitud de los caracteres de 4 bytes en el rango sin carácter Unicode.",
      },
   ],
   id: "CVE-2017-0247",
   lastModified: "2024-11-21T03:02:37.353",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-05-12T14:29:03.910",
   references: [
      {
         source: "secure@microsoft.com",
         tags: [
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://github.com/aspnet/Announcements/issues/239",
      },
      {
         source: "secure@microsoft.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://technet.microsoft.com/en-us/library/security/4021279.aspx",
      },
      {
         source: "secure@microsoft.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://github.com/aspnet/Announcements/issues/239",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://technet.microsoft.com/en-us/library/security/4021279.aspx",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}