Vulnerabilites related to microsoft - microsoft.aspnetcore.mvc.localization
cve-2017-0256
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/aspnet/Announcements/issues/239 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Microsoft Corporation | ASP.NET Core |
Version: ASP.NET Core |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:55:19.325Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/aspnet/Announcements/issues/239", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ASP.NET Core", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "ASP.NET Core", }, ], }, ], datePublic: "2017-05-09T00:00:00", descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-12T13:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/aspnet/Announcements/issues/239", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-0256", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ASP.NET Core", version: { version_data: [ { version_value: "ASP.NET Core", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/aspnet/Announcements/issues/239", refsource: "MISC", url: "https://github.com/aspnet/Announcements/issues/239", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-0256", datePublished: "2017-05-12T14:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-05T12:55:19.325Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-0247
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://technet.microsoft.com/en-us/library/security/4021279.aspx | x_refsource_CONFIRM | |
https://github.com/aspnet/Announcements/issues/239 | x_refsource_MISC | |
https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Microsoft Corporation | ASP.NET Core |
Version: ASP.NET Core |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:55:19.171Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://technet.microsoft.com/en-us/library/security/4021279.aspx", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/aspnet/Announcements/issues/239", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ASP.NET Core", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "ASP.NET Core", }, ], }, ], datePublic: "2017-05-09T00:00:00", descriptions: [ { lang: "en", value: "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-25T18:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://technet.microsoft.com/en-us/library/security/4021279.aspx", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/aspnet/Announcements/issues/239", }, { tags: [ "x_refsource_MISC", ], url: "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-0247", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ASP.NET Core", version: { version_data: [ { version_value: "ASP.NET Core", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "https://technet.microsoft.com/en-us/library/security/4021279.aspx", refsource: "CONFIRM", url: "https://technet.microsoft.com/en-us/library/security/4021279.aspx", }, { name: "https://github.com/aspnet/Announcements/issues/239", refsource: "MISC", url: "https://github.com/aspnet/Announcements/issues/239", }, { name: "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS", refsource: "MISC", url: "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-0247", datePublished: "2017-05-12T14:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-05T12:55:19.171Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-0249
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/aspnet/Announcements/issues/239 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Microsoft Corporation | ASP.NET Core |
Version: ASP.NET Core |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:55:19.336Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/aspnet/Announcements/issues/239", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ASP.NET Core", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "ASP.NET Core", }, ], }, ], datePublic: "2017-05-09T00:00:00", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-12T13:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/aspnet/Announcements/issues/239", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-0249", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ASP.NET Core", version: { version_data: [ { version_value: "ASP.NET Core", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/aspnet/Announcements/issues/239", refsource: "MISC", url: "https://github.com/aspnet/Announcements/issues/239", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-0249", datePublished: "2017-05-12T14:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-05T12:55:19.336Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-201705-3360
Vulnerability from variot
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3360", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "system.net.websockets.client", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.text.encodings.web", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.net.http.winhttphandler", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.net.security", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.0", }, { model: "system.net.websockets.client", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.0", }, { model: "system.net.security", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.text.encodings.web", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.0", }, { model: "system.net.http", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.1", }, { model: "system.net.http.winhttphandler", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.1", }, { model: "system.net.http", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.1.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "asp.net", scope: "eq", trust: 0.8, vendor: "microsoft", version: "core", }, { model: "asp.net core", scope: null, trust: 0.6, vendor: "microsoft", version: null, }, { model: "asp.net", scope: "eq", trust: 0.3, vendor: "microsoft", version: "0", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, { db: "BID", id: "98118", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "NVD", id: "CVE-2017-0249", }, { db: "CNNVD", id: "CNNVD-201705-736", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-0249", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Microsoft", sources: [ { db: "BID", id: "98118", }, ], trust: 0.3, }, cve: "CVE-2017-0249", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2017-0249", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2017-07323", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", exploitabilityScore: 3.9, impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "Low", baseScore: 7.3, baseSeverity: "High", confidentialityImpact: "Low", exploitabilityScore: null, id: "CVE-2017-0249", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-0249", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2017-07323", trust: 0.6, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201705-736", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2017-0249", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, { db: "VULMON", id: "CVE-2017-0249", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "NVD", id: "CVE-2017-0249", }, { db: "CNNVD", id: "CNNVD-201705-736", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access", sources: [ { db: "NVD", id: "CVE-2017-0249", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "CNVD", id: "CNVD-2017-07323", }, { db: "CNNVD", id: "CNNVD-201705-736", }, { db: "BID", id: "98118", }, { db: "VULMON", id: "CVE-2017-0249", }, ], trust: 3.06, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-0249", trust: 3.4, }, { db: "JVNDB", id: "JVNDB-2017-003294", trust: 0.8, }, { db: "CNVD", id: "CNVD-2017-07323", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201705-736", trust: 0.6, }, { db: "BID", id: "98118", trust: 0.4, }, { db: "VULMON", id: "CVE-2017-0249", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, { db: "VULMON", id: "CVE-2017-0249", }, { db: "BID", id: "98118", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "NVD", id: "CVE-2017-0249", }, { db: "CNNVD", id: "CNNVD-201705-736", }, ], }, id: "VAR-201705-3360", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, ], trust: 0.81178882, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, ], }, last_update_date: "2023-12-18T12:44:36.871000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239", trust: 0.8, url: "https://github.com/aspnet/announcements/issues/239", }, { title: "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/94179", }, { title: "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70329", }, { title: "OssIndexClient", trust: 0.1, url: "https://github.com/simoncropp/ossindexclient ", }, { title: "", trust: 0.1, url: "https://github.com/shiftingleft/dotnet-scm-test ", }, { title: "", trust: 0.1, url: "https://github.com/jnewman-sonatype/dotnettest ", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, { db: "VULMON", id: "CVE-2017-0249", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "CNNVD", id: "CNNVD-201705-736", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "NVD", id: "CVE-2017-0249", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "https://github.com/aspnet/announcements/issues/239", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0249", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-0249", }, { trust: 0.3, url: "http://www.microsoft.com", }, { trust: 0.3, url: "https://technet.microsoft.com/library/security/4021279.aspx", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.securityfocus.com/bid/98118", }, { trust: 0.1, url: "https://github.com/simoncropp/ossindexclient", }, { trust: 0.1, url: "https://tools.cisco.com/security/center/viewalert.x?alertid=53814", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07323", }, { db: "VULMON", id: "CVE-2017-0249", }, { db: "BID", id: "98118", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "NVD", id: "CVE-2017-0249", }, { db: "CNNVD", id: "CNNVD-201705-736", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2017-07323", }, { db: "VULMON", id: "CVE-2017-0249", }, { db: "BID", id: "98118", }, { db: "JVNDB", id: "JVNDB-2017-003294", }, { db: "NVD", id: "CVE-2017-0249", }, { db: "CNNVD", id: "CNNVD-201705-736", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-05-24T00:00:00", db: "CNVD", id: "CNVD-2017-07323", }, { date: "2017-05-12T00:00:00", db: "VULMON", id: "CVE-2017-0249", }, { date: "2017-05-10T00:00:00", db: "BID", id: "98118", }, { date: "2017-05-24T00:00:00", db: "JVNDB", id: "JVNDB-2017-003294", }, { date: "2017-05-12T14:29:04.003000", db: "NVD", id: "CVE-2017-0249", }, { date: "2017-05-18T00:00:00", db: "CNNVD", id: "CNNVD-201705-736", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-05-24T00:00:00", db: "CNVD", id: "CNVD-2017-07323", }, { date: "2021-06-30T00:00:00", db: "VULMON", id: "CVE-2017-0249", }, { date: "2017-05-23T16:25:00", db: "BID", id: "98118", }, { date: "2017-05-24T00:00:00", db: "JVNDB", id: "JVNDB-2017-003294", }, { date: "2021-06-30T16:54:22.617000", db: "NVD", id: "CVE-2017-0249", }, { date: "2021-07-01T00:00:00", db: "CNNVD", id: "CNNVD-201705-736", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201705-736", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Microsoft ASP.NET Core Input validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2017-003294", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-201705-736", }, ], trust: 0.6, }, }
var-201705-3358
Vulnerability from variot
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3358", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "system.net.websockets.client", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.text.encodings.web", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.net.http.winhttphandler", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.net.security", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.0", }, { model: "system.net.websockets.client", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.0", }, { model: "system.net.security", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.0", }, { model: "system.text.encodings.web", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.0", }, { model: "system.net.http", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.3.1", }, { model: "system.net.http.winhttphandler", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.0.1", }, { model: "system.net.http", scope: "eq", trust: 1.6, vendor: "microsoft", version: "4.1.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "asp.net", scope: "eq", trust: 0.8, vendor: "microsoft", version: "core", }, { model: "asp.net core", scope: null, trust: 0.6, vendor: "microsoft", version: null, }, { model: "asp.net", scope: "eq", trust: 0.3, vendor: "microsoft", version: "0", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, { db: "BID", id: "98116", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "NVD", id: "CVE-2017-0247", }, { db: "CNNVD", id: "CNNVD-201705-737", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-0247", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "David Fernandez of Sidertia Solutions", sources: [ { db: "BID", id: "98116", }, ], trust: 0.3, }, cve: "CVE-2017-0247", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-0247", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2017-07322", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 7.5, baseSeverity: "High", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-0247", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-0247", trust: 1.8, value: "HIGH", }, { author: "CNVD", id: "CNVD-2017-07322", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201705-737", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2017-0247", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, { db: "VULMON", id: "CVE-2017-0247", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "NVD", id: "CVE-2017-0247", }, { db: "CNNVD", id: "CNNVD-201705-737", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service", sources: [ { db: "NVD", id: "CVE-2017-0247", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "CNVD", id: "CNVD-2017-07322", }, { db: "CNNVD", id: "CNNVD-201705-737", }, { db: "BID", id: "98116", }, { db: "VULMON", id: "CVE-2017-0247", }, ], trust: 3.06, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-0247", trust: 3.4, }, { db: "JVNDB", id: "JVNDB-2017-003293", trust: 0.8, }, { db: "CNVD", id: "CNVD-2017-07322", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201705-737", trust: 0.6, }, { db: "BID", id: "98116", trust: 0.4, }, { db: "VULMON", id: "CVE-2017-0247", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, { db: "VULMON", id: "CVE-2017-0247", }, { db: "BID", id: "98116", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "NVD", id: "CVE-2017-0247", }, { db: "CNNVD", id: "CNNVD-201705-737", }, ], }, id: "VAR-201705-3358", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, ], trust: 0.81178882, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, ], }, last_update_date: "2023-12-18T12:37:26.188000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239", trust: 0.8, url: "https://github.com/aspnet/announcements/issues/239", }, { title: "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/94177", }, { title: "Microsoft ASP.NET Core Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70331", }, { title: "", trust: 0.1, url: "https://github.com/dotnet/source-build-reference-packages ", }, { title: "OssIndexClient", trust: 0.1, url: "https://github.com/simoncropp/ossindexclient ", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, { db: "VULMON", id: "CVE-2017-0247", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "CNNVD", id: "CNNVD-201705-737", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "NVD", id: "CVE-2017-0247", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "https://github.com/aspnet/announcements/issues/239", }, { trust: 1.7, url: "https://www.sidertia.com/home/community/blog/2017/05/18/aspnet-core-unicode-non-char-encoding-dos", }, { trust: 1.7, url: "https://technet.microsoft.com/en-us/library/security/4021279.aspx", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0247", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-0247", }, { trust: 0.3, url: "http://www.microsoft.com", }, { trust: 0.3, url: "https://technet.microsoft.com/library/security/4021279.aspx", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://github.com/dotnet/source-build-reference-packages", }, { trust: 0.1, url: "https://www.securityfocus.com/bid/98116", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/simoncropp/ossindexclient", }, { trust: 0.1, url: "https://tools.cisco.com/security/center/viewalert.x?alertid=53814", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-07322", }, { db: "VULMON", id: "CVE-2017-0247", }, { db: "BID", id: "98116", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "NVD", id: "CVE-2017-0247", }, { db: "CNNVD", id: "CNNVD-201705-737", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2017-07322", }, { db: "VULMON", id: "CVE-2017-0247", }, { db: "BID", id: "98116", }, { db: "JVNDB", id: "JVNDB-2017-003293", }, { db: "NVD", id: "CVE-2017-0247", }, { db: "CNNVD", id: "CNNVD-201705-737", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-05-24T00:00:00", db: "CNVD", id: "CNVD-2017-07322", }, { date: "2017-05-12T00:00:00", db: "VULMON", id: "CVE-2017-0247", }, { date: "2017-05-10T00:00:00", db: "BID", id: "98116", }, { date: "2017-05-24T00:00:00", db: "JVNDB", id: "JVNDB-2017-003293", }, { date: "2017-05-12T14:29:03.910000", db: "NVD", id: "CVE-2017-0247", }, { date: "2017-05-18T00:00:00", db: "CNNVD", id: "CNNVD-201705-737", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-05-24T00:00:00", db: "CNVD", id: "CNVD-2017-07322", }, { date: "2021-06-30T00:00:00", db: "VULMON", id: "CVE-2017-0247", }, { date: "2017-05-23T16:25:00", db: "BID", id: "98116", }, { date: "2017-05-24T00:00:00", db: "JVNDB", id: "JVNDB-2017-003293", }, { date: "2021-06-30T16:54:22.617000", db: "NVD", id: "CVE-2017-0247", }, { date: "2021-07-01T00:00:00", db: "CNNVD", id: "CNNVD-201705-737", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201705-737", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Microsoft ASP.NET Core Input validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2017-003293", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-201705-737", }, ], trust: 0.6, }, }
var-201705-3317
Vulnerability from variot
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to forge requests. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3317", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1.6, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "system.net.websockets.client", scope: "eq", trust: 1, vendor: "microsoft", version: "4.3.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "system.text.encodings.web", scope: "eq", trust: 1, vendor: "microsoft", version: "4.3.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "system.net.http.winhttphandler", scope: "eq", trust: 1, vendor: "microsoft", version: "4.3.0", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "system.net.security", scope: "eq", trust: 1, vendor: "microsoft", version: "4.0.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "system.net.websockets.client", scope: "eq", trust: 1, vendor: "microsoft", version: "4.0.0", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.dataannotations", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "system.net.security", scope: "eq", trust: 1, vendor: "microsoft", version: "4.3.0", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.viewfeatures", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "system.text.encodings.web", scope: "eq", trust: 1, vendor: "microsoft", version: "4.0.0", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.0", }, { model: "microsoft.aspnetcore.mvc.webapicompatshim", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "microsoft.aspnetcore.mvc.taghelpers", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.3", }, { model: "microsoft.aspnetcore.mvc.apiexplorer", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.razor", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.abstractions", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "system.net.http", scope: "eq", trust: 1, vendor: "microsoft", version: "4.3.1", }, { model: "microsoft.aspnetcore.mvc.formatters.json", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.razor.host", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.1", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "microsoft.aspnetcore.mvc.cors", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.1", }, { model: "asp.net model view controller", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.localization", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.0", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.1.2", }, { model: "system.net.http.winhttphandler", scope: "eq", trust: 1, vendor: "microsoft", version: "4.0.1", }, { model: "microsoft.aspnetcore.mvc.formatters.xml", scope: "eq", trust: 1, vendor: "microsoft", version: "1.0.2", }, { model: "system.net.http", scope: "eq", trust: 1, vendor: "microsoft", version: "4.1.1", }, { model: "asp.net", scope: "eq", trust: 0.8, vendor: "microsoft", version: "core", }, { model: "asp.net", scope: null, trust: 0.6, vendor: "microsoft", version: null, }, { model: "asp.net", scope: "eq", trust: 0.3, vendor: "microsoft", version: "0", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, { db: "BID", id: "98290", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "NVD", id: "CVE-2017-0256", }, { db: "CNNVD", id: "CNNVD-201705-735", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-0256", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Mikhail Shcherbakov", sources: [ { db: "BID", id: "98290", }, ], trust: 0.3, }, cve: "CVE-2017-0256", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-0256", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CNVD-2017-08173", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 3.9, impactScore: 1.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "None", baseScore: 5.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2017-0256", impactScore: null, integrityImpact: "Low", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-0256", trust: 1.8, value: "MEDIUM", }, { author: "CNVD", id: "CNVD-2017-08173", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201705-735", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2017-0256", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, { db: "VULMON", id: "CVE-2017-0256", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "NVD", id: "CVE-2017-0256", }, { db: "CNNVD", id: "CNNVD-201705-735", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to forge requests. \nAn attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible", sources: [ { db: "NVD", id: "CVE-2017-0256", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "CNVD", id: "CNVD-2017-08173", }, { db: "CNNVD", id: "CNNVD-201705-735", }, { db: "BID", id: "98290", }, { db: "VULMON", id: "CVE-2017-0256", }, ], trust: 3.06, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-0256", trust: 3.4, }, { db: "BID", id: "98290", trust: 1, }, { db: "JVNDB", id: "JVNDB-2017-003295", trust: 0.8, }, { db: "CNVD", id: "CNVD-2017-08173", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201705-735", trust: 0.6, }, { db: "VULMON", id: "CVE-2017-0256", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, { db: "VULMON", id: "CVE-2017-0256", }, { db: "BID", id: "98290", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "NVD", id: "CVE-2017-0256", }, { db: "CNNVD", id: "CNNVD-201705-735", }, ], }, id: "VAR-201705-3317", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, ], trust: 0.06, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "IoT", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, ], }, last_update_date: "2023-12-18T13:24:27.044000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239", trust: 0.8, url: "https://github.com/aspnet/announcements/issues/239", }, { title: "Patch for Microsoft ASP.NET Core Spoofing Vulnerability", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/94465", }, { title: "Microsoft ASP.NET Core Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70330", }, { title: "OssIndexClient", trust: 0.1, url: "https://github.com/simoncropp/ossindexclient ", }, { title: "", trust: 0.1, url: "https://github.com/shiftingleft/dotnet-scm-test ", }, { title: "", trust: 0.1, url: "https://github.com/jnewman-sonatype/dotnettest ", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, { db: "VULMON", id: "CVE-2017-0256", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "CNNVD", id: "CNNVD-201705-735", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "NVD", id: "CVE-2017-0256", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "https://github.com/aspnet/announcements/issues/239", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0256", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2017-0256", }, { trust: 0.3, url: "http://www.microsoft.com", }, { trust: 0.3, url: "https://technet.microsoft.com/library/security/4021279.aspx", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://www.securityfocus.com/bid/98290", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/simoncropp/ossindexclient", }, { trust: 0.1, url: "https://tools.cisco.com/security/center/viewalert.x?alertid=53814", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-08173", }, { db: "VULMON", id: "CVE-2017-0256", }, { db: "BID", id: "98290", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "NVD", id: "CVE-2017-0256", }, { db: "CNNVD", id: "CNNVD-201705-735", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2017-08173", }, { db: "VULMON", id: "CVE-2017-0256", }, { db: "BID", id: "98290", }, { db: "JVNDB", id: "JVNDB-2017-003295", }, { db: "NVD", id: "CVE-2017-0256", }, { db: "CNNVD", id: "CNNVD-201705-735", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-06-05T00:00:00", db: "CNVD", id: "CNVD-2017-08173", }, { date: "2017-05-12T00:00:00", db: "VULMON", id: "CVE-2017-0256", }, { date: "2017-05-10T00:00:00", db: "BID", id: "98290", }, { date: "2017-05-24T00:00:00", db: "JVNDB", id: "JVNDB-2017-003295", }, { date: "2017-05-12T14:29:04.457000", db: "NVD", id: "CVE-2017-0256", }, { date: "2017-05-22T00:00:00", db: "CNNVD", id: "CNNVD-201705-735", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-06-05T00:00:00", db: "CNVD", id: "CNVD-2017-08173", }, { date: "2021-06-30T00:00:00", db: "VULMON", id: "CVE-2017-0256", }, { date: "2017-05-23T16:25:00", db: "BID", id: "98290", }, { date: "2017-05-24T00:00:00", db: "JVNDB", id: "JVNDB-2017-003295", }, { date: "2021-06-30T16:54:22.617000", db: "NVD", id: "CVE-2017-0256", }, { date: "2021-07-01T00:00:00", db: "CNNVD", id: "CNNVD-201705-735", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201705-735", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Microsoft ASP.NET Core Input validation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2017-003295", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-201705-735", }, ], trust: 0.6, }, }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "72D49ACA-0755-425C-9162-8D40D7AADDC5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "EAB52597-3458-4816-8432-7948CA21B8C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "86207D1B-AE1B-4826-B07A-75815A5ED06B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E96E6585-EA7C-47A7-B6EF-9926758E90DC", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "292C4DAD-1CBB-41DF-9E45-F8D594C03097", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "BC76DD26-1A09-419D-9156-16042FF7D508", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "2A701C76-6AC7-4230-B0C5-9CD91010349C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "6E801676-656E-43F6-8C4E-EE0BD5EAF23E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "DE818227-C9F3-49BA-80D1-FA49FA46B8BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "B7E8D173-9F85-4796-8A97-A77A531A3C79", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "893BD886-23DC-41E9-9DD1-C367F1638CFA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "2F9CCC49-348F-44A3-8412-17B689B0B0B4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "40ACE580-63FC-44A6-A1A3-19113BCF96B7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "3A31726B-E001-4568-9538-150C438D4D82", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "22473819-A864-4568-BB4F-B1B61D6BE768", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "25F6E532-9282-4444-BE83-1D4254B78E98", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "3D3B725F-E01E-4B44-B6FE-D384CB081880", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "CD9CA7E6-4622-48CE-87DD-43850E6A3D94", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "9F0BE208-E908-4D55-ABC0-01899A7BCF3B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "BEB9143D-39A5-4A1A-8CF6-50A234476914", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "784D8767-E542-4BEA-AC04-190EB86ACE44", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "B051C0F9-2D90-4F21-A4A3-49E52E4580F2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "24849B2C-4475-4F63-99F8-D63AC7455AFD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "E53251EE-7C63-4597-817D-E0E046D45E7D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "C4B607A3-3637-4785-A7FA-074B370B57A2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "10769FE6-90C1-41EF-B59C-2DF602798AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "9F2FF0F8-0447-442F-99C7-AAE364942263", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "82A352B2-00B5-40EB-A053-3871999FF549", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "1CBD8554-F155-4265-9ABA-27F2CFDB6645", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "1D0612F5-8621-4FEB-B84D-6116CD92C671", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "D917236C-B53D-454C-9FCD-4D0F48849C8B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "32B849F2-CD4B-45DB-86DD-77248ED82C56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "5A08EDE3-035D-4A4F-AF2A-FDFC02264841", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "28A15818-8AB8-4253-9D82-D968B05D4416", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "C59BDECB-3184-4BE3-91B5-4703170D6E72", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "F861A072-D917-4BF5-99D3-3C9AD99A70EE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "79F08C0E-5A28-4A8D-9987-CC273A38CDB0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "F8A9187E-AAF3-4186-9014-13D304463F44", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "19022A88-C140-4C64-8BAD-43CE0E448D78", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "36170C72-162C-44F1-8291-DCF12AAC3D06", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "97E0DE96-A8CA-4395-8955-3223754A7678", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "95D892B0-08CD-479B-8DBA-2E296A2139EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "16E5978D-49B7-4948-A57F-D0903CC2726B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "175E800A-6295-4EDD-AD76-AED50C4ED29F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "DD429092-758C-40E2-9B62-552062DE5C99", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "4B124905-C4EB-4943-BF9D-97DD9C63C773", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "F1382D94-3442-4770-99BC-A803DB7D99CD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "72682900-3DEA-43E8-9E60-04D8AA575353", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "2614708B-D88A-45D1-989A-EC1F18B2ECF7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "48101840-E58F-4E2D-BA2D-8D07F76E1EB1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "56285B40-74FB-4AE4-9998-09D3CC2FA76B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "4322AC03-A133-4778-A2F1-AD509764BB00", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "E4779EAE-28C3-454F-853C-45D7A4B264BC", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "34EB1A01-873A-4395-84D9-B048E2E12A43", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "389FB05C-C41F-4162-B868-472A6FEE18BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "944C87F4-591A-46A3-A6BE-68CF070D2557", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "6A5CA6EF-184A-4D35-A430-8D708041C139", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "7264CABF-8603-445F-8728-A53575239BC7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "776B722D-0DA6-4994-9323-06165E562489", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "77A16675-CD3A-427B-888E-B1D8A51189AA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "B28A24AD-C225-45B3-8156-5A8107A7073C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "22B75008-7F05-4923-88D9-0D6619568C8E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "C4A5D3CC-282D-484F-99E3-5D087F759C4A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "8799CB21-5F98-4368-A1BC-2746438757CD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "B4315F2E-5272-4D09-80AF-A65AE52E37CD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "9CCD4355-CE24-4F14-A348-BB76470E4DC0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "79D7994A-ABDF-4F02-841D-B082917CA9F3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "7B33EFE6-68BB-46FD-834D-B767641E1AC0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "71FFFD6C-1243-480F-874E-3548EED2D471", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "76906A3F-9A22-453F-BCCF-35C248E6788C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "E7A176BB-A188-44A9-9E52-D385B13D328F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "DF881FCD-8E4C-47AC-ABED-05F805D3DED8", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "06C3E2C7-C113-4224-8F4F-3BDD3B800B04", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "F376D1B3-5801-4BC3-B060-39DC928A9838", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "0ACC7FBF-34A3-4A95-A7B0-396AB194976A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "AA8408AC-5380-4C77-BA49-C236F0CBB51F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios cuando el ASP.NET Core falla al desinfectar adecuadamente las solicitudes web.", }, ], id: "CVE-2017-0249", lastModified: "2024-11-21T03:02:37.610", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-12T14:29:04.003", references: [ { source: "secure@microsoft.com", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://github.com/aspnet/Announcements/issues/239", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://github.com/aspnet/Announcements/issues/239", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "72D49ACA-0755-425C-9162-8D40D7AADDC5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "EAB52597-3458-4816-8432-7948CA21B8C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "86207D1B-AE1B-4826-B07A-75815A5ED06B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E96E6585-EA7C-47A7-B6EF-9926758E90DC", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "292C4DAD-1CBB-41DF-9E45-F8D594C03097", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "BC76DD26-1A09-419D-9156-16042FF7D508", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "2A701C76-6AC7-4230-B0C5-9CD91010349C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "6E801676-656E-43F6-8C4E-EE0BD5EAF23E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "DE818227-C9F3-49BA-80D1-FA49FA46B8BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "B7E8D173-9F85-4796-8A97-A77A531A3C79", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "893BD886-23DC-41E9-9DD1-C367F1638CFA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "2F9CCC49-348F-44A3-8412-17B689B0B0B4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "40ACE580-63FC-44A6-A1A3-19113BCF96B7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "3A31726B-E001-4568-9538-150C438D4D82", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "22473819-A864-4568-BB4F-B1B61D6BE768", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "25F6E532-9282-4444-BE83-1D4254B78E98", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "3D3B725F-E01E-4B44-B6FE-D384CB081880", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "CD9CA7E6-4622-48CE-87DD-43850E6A3D94", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "9F0BE208-E908-4D55-ABC0-01899A7BCF3B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "BEB9143D-39A5-4A1A-8CF6-50A234476914", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "784D8767-E542-4BEA-AC04-190EB86ACE44", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "B051C0F9-2D90-4F21-A4A3-49E52E4580F2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "24849B2C-4475-4F63-99F8-D63AC7455AFD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "E53251EE-7C63-4597-817D-E0E046D45E7D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "C4B607A3-3637-4785-A7FA-074B370B57A2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "10769FE6-90C1-41EF-B59C-2DF602798AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "9F2FF0F8-0447-442F-99C7-AAE364942263", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "82A352B2-00B5-40EB-A053-3871999FF549", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "1CBD8554-F155-4265-9ABA-27F2CFDB6645", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "1D0612F5-8621-4FEB-B84D-6116CD92C671", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "D917236C-B53D-454C-9FCD-4D0F48849C8B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "32B849F2-CD4B-45DB-86DD-77248ED82C56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "5A08EDE3-035D-4A4F-AF2A-FDFC02264841", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "28A15818-8AB8-4253-9D82-D968B05D4416", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "C59BDECB-3184-4BE3-91B5-4703170D6E72", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "F861A072-D917-4BF5-99D3-3C9AD99A70EE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "79F08C0E-5A28-4A8D-9987-CC273A38CDB0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "F8A9187E-AAF3-4186-9014-13D304463F44", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "19022A88-C140-4C64-8BAD-43CE0E448D78", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "36170C72-162C-44F1-8291-DCF12AAC3D06", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "97E0DE96-A8CA-4395-8955-3223754A7678", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "95D892B0-08CD-479B-8DBA-2E296A2139EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "16E5978D-49B7-4948-A57F-D0903CC2726B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "175E800A-6295-4EDD-AD76-AED50C4ED29F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "DD429092-758C-40E2-9B62-552062DE5C99", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "4B124905-C4EB-4943-BF9D-97DD9C63C773", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "F1382D94-3442-4770-99BC-A803DB7D99CD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "72682900-3DEA-43E8-9E60-04D8AA575353", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "2614708B-D88A-45D1-989A-EC1F18B2ECF7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "48101840-E58F-4E2D-BA2D-8D07F76E1EB1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "56285B40-74FB-4AE4-9998-09D3CC2FA76B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "4322AC03-A133-4778-A2F1-AD509764BB00", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "E4779EAE-28C3-454F-853C-45D7A4B264BC", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "34EB1A01-873A-4395-84D9-B048E2E12A43", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "389FB05C-C41F-4162-B868-472A6FEE18BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "944C87F4-591A-46A3-A6BE-68CF070D2557", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "6A5CA6EF-184A-4D35-A430-8D708041C139", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "7264CABF-8603-445F-8728-A53575239BC7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "776B722D-0DA6-4994-9323-06165E562489", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "77A16675-CD3A-427B-888E-B1D8A51189AA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "B28A24AD-C225-45B3-8156-5A8107A7073C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "22B75008-7F05-4923-88D9-0D6619568C8E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "C4A5D3CC-282D-484F-99E3-5D087F759C4A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "8799CB21-5F98-4368-A1BC-2746438757CD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "B4315F2E-5272-4D09-80AF-A65AE52E37CD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "9CCD4355-CE24-4F14-A348-BB76470E4DC0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "79D7994A-ABDF-4F02-841D-B082917CA9F3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "7B33EFE6-68BB-46FD-834D-B767641E1AC0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "71FFFD6C-1243-480F-874E-3548EED2D471", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "76906A3F-9A22-453F-BCCF-35C248E6788C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "E7A176BB-A188-44A9-9E52-D385B13D328F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "DF881FCD-8E4C-47AC-ABED-05F805D3DED8", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "06C3E2C7-C113-4224-8F4F-3BDD3B800B04", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "F376D1B3-5801-4BC3-B060-39DC928A9838", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "0ACC7FBF-34A3-4A95-A7B0-396AB194976A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "AA8408AC-5380-4C77-BA49-C236F0CBB51F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.", }, { lang: "es", value: "Se presenta una vulnerabilidad de suplantación de identidad cuando el Core de ASP.NET no puede sanear apropiadamente las peticiones web.", }, ], id: "CVE-2017-0256", lastModified: "2024-11-21T03:02:38.197", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-12T14:29:04.457", references: [ { source: "secure@microsoft.com", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://github.com/aspnet/Announcements/issues/239", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://github.com/aspnet/Announcements/issues/239", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory | |
secure@microsoft.com | https://technet.microsoft.com/en-us/library/security/4021279.aspx | Patch, Vendor Advisory | |
secure@microsoft.com | https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/aspnet/Announcements/issues/239 | Technical Description, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://technet.microsoft.com/en-us/library/security/4021279.aspx | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "72D49ACA-0755-425C-9162-8D40D7AADDC5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "EAB52597-3458-4816-8432-7948CA21B8C1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "86207D1B-AE1B-4826-B07A-75815A5ED06B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E96E6585-EA7C-47A7-B6EF-9926758E90DC", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "292C4DAD-1CBB-41DF-9E45-F8D594C03097", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "BC76DD26-1A09-419D-9156-16042FF7D508", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "2A701C76-6AC7-4230-B0C5-9CD91010349C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "6E801676-656E-43F6-8C4E-EE0BD5EAF23E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "69E0C257-E39A-4404-AFE5-4D15BFA2DD7E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "DE818227-C9F3-49BA-80D1-FA49FA46B8BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "B7E8D173-9F85-4796-8A97-A77A531A3C79", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "893BD886-23DC-41E9-9DD1-C367F1638CFA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "2F9CCC49-348F-44A3-8412-17B689B0B0B4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "40ACE580-63FC-44A6-A1A3-19113BCF96B7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "88D4AEE2-23B8-4FE6-A118-66735EF8BA5B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "3A31726B-E001-4568-9538-150C438D4D82", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "22473819-A864-4568-BB4F-B1B61D6BE768", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "25F6E532-9282-4444-BE83-1D4254B78E98", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "3D3B725F-E01E-4B44-B6FE-D384CB081880", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "CD9CA7E6-4622-48CE-87DD-43850E6A3D94", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "9F0BE208-E908-4D55-ABC0-01899A7BCF3B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "BEB9143D-39A5-4A1A-8CF6-50A234476914", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "784D8767-E542-4BEA-AC04-190EB86ACE44", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "B051C0F9-2D90-4F21-A4A3-49E52E4580F2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "24849B2C-4475-4F63-99F8-D63AC7455AFD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "E53251EE-7C63-4597-817D-E0E046D45E7D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "C4B607A3-3637-4785-A7FA-074B370B57A2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "10769FE6-90C1-41EF-B59C-2DF602798AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "9F2FF0F8-0447-442F-99C7-AAE364942263", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "82A352B2-00B5-40EB-A053-3871999FF549", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "1CBD8554-F155-4265-9ABA-27F2CFDB6645", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "1D0612F5-8621-4FEB-B84D-6116CD92C671", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "D917236C-B53D-454C-9FCD-4D0F48849C8B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "B337AA31-B98C-47BD-B5C3-F2699FD0F3FA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "32B849F2-CD4B-45DB-86DD-77248ED82C56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "5A08EDE3-035D-4A4F-AF2A-FDFC02264841", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "28A15818-8AB8-4253-9D82-D968B05D4416", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "C59BDECB-3184-4BE3-91B5-4703170D6E72", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "F861A072-D917-4BF5-99D3-3C9AD99A70EE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "79F08C0E-5A28-4A8D-9987-CC273A38CDB0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "F8A9187E-AAF3-4186-9014-13D304463F44", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "19022A88-C140-4C64-8BAD-43CE0E448D78", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "36170C72-162C-44F1-8291-DCF12AAC3D06", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "97E0DE96-A8CA-4395-8955-3223754A7678", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "95D892B0-08CD-479B-8DBA-2E296A2139EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "18B1353C-D7FF-4B05-A0E0-17E06BB0BB01", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "16E5978D-49B7-4948-A57F-D0903CC2726B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "175E800A-6295-4EDD-AD76-AED50C4ED29F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "DD429092-758C-40E2-9B62-552062DE5C99", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "4B124905-C4EB-4943-BF9D-97DD9C63C773", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "F1382D94-3442-4770-99BC-A803DB7D99CD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "CCF8ED4C-E275-4CCD-8D37-EFBB858731FE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "72682900-3DEA-43E8-9E60-04D8AA575353", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "2614708B-D88A-45D1-989A-EC1F18B2ECF7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "A43E17E5-B98E-4ED2-8745-DCEEBF7D122D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "48101840-E58F-4E2D-BA2D-8D07F76E1EB1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "20669ACD-4EA1-4B4A-A26B-E4F702B7FB50", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "56285B40-74FB-4AE4-9998-09D3CC2FA76B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "4322AC03-A133-4778-A2F1-AD509764BB00", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "E4779EAE-28C3-454F-853C-45D7A4B264BC", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "34EB1A01-873A-4395-84D9-B048E2E12A43", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "389FB05C-C41F-4162-B868-472A6FEE18BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "944C87F4-591A-46A3-A6BE-68CF070D2557", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "83FB8E69-0103-4FAA-94D8-DA1FDF0532BD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "6A5CA6EF-184A-4D35-A430-8D708041C139", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "7264CABF-8603-445F-8728-A53575239BC7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "776B722D-0DA6-4994-9323-06165E562489", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "77A16675-CD3A-427B-888E-B1D8A51189AA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "B28A24AD-C225-45B3-8156-5A8107A7073C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "22B75008-7F05-4923-88D9-0D6619568C8E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "C4A5D3CC-282D-484F-99E3-5D087F759C4A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "8799CB21-5F98-4368-A1BC-2746438757CD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "B4315F2E-5272-4D09-80AF-A65AE52E37CD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "9CCD4355-CE24-4F14-A348-BB76470E4DC0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*", matchCriteriaId: "FF31C77E-67CA-481E-B4E2-2AE2941A4CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "79D7994A-ABDF-4F02-841D-B082917CA9F3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "7B33EFE6-68BB-46FD-834D-B767641E1AC0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*", matchCriteriaId: "71FFFD6C-1243-480F-874E-3548EED2D471", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "76906A3F-9A22-453F-BCCF-35C248E6788C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "E7A176BB-A188-44A9-9E52-D385B13D328F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*", matchCriteriaId: "DF881FCD-8E4C-47AC-ABED-05F805D3DED8", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "06C3E2C7-C113-4224-8F4F-3BDD3B800B04", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "F376D1B3-5801-4BC3-B060-39DC928A9838", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "0ACC7FBF-34A3-4A95-A7B0-396AB194976A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "AA8408AC-5380-4C77-BA49-C236F0CBB51F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*", matchCriteriaId: "E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.", }, { lang: "es", value: "Se presenta una vulnerabilidad de denegación de servicio cuando el Core de ASP.NET no puede comprobar apropiadamente las peticiones web. NOTA: Microsoft no ha comentado en reclamos de terceros de que el problema es que la función TextEncoder.EncodeCore en el paquete System.Text.Encodings.Web en ASP.NET Core Mvc versiones anteriores a 1.0.4 y versiones 1.1.x anteriores a 1.1.3 permite a los atacantes remotos causar una denegación de servicio aprovechando un fallo en calcular apropiadamente la longitud de los caracteres de 4 bytes en el rango sin carácter Unicode.", }, ], id: "CVE-2017-0247", lastModified: "2024-11-21T03:02:37.353", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-12T14:29:03.910", references: [ { source: "secure@microsoft.com", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://github.com/aspnet/Announcements/issues/239", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://technet.microsoft.com/en-us/library/security/4021279.aspx", }, { source: "secure@microsoft.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://github.com/aspnet/Announcements/issues/239", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://technet.microsoft.com/en-us/library/security/4021279.aspx", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.sidertia.com/Home/Community/Blog/2017/05/18/ASPNET-Core-Unicode-Non-Char-Encoding-DoS", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }