CVE-2017-0249
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
Summary
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
References
secure@microsoft.comhttps://github.com/aspnet/Announcements/issues/239Technical Description, Third Party Advisory
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:55:19.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/aspnet/Announcements/issues/239"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ASP.NET Core",
          "vendor": "Microsoft Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ASP.NET Core"
            }
          ]
        }
      ],
      "datePublic": "2017-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-12T13:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aspnet/Announcements/issues/239"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2017-0249",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ASP.NET Core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ASP.NET Core"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aspnet/Announcements/issues/239",
              "refsource": "MISC",
              "url": "https://github.com/aspnet/Announcements/issues/239"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2017-0249",
    "datePublished": "2017-05-12T14:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-05T12:55:19.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-0249\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2017-05-12T14:29:04.003\",\"lastModified\":\"2021-06-30T16:54:22.617\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando el ASP.NET Core falla al desinfectar adecuadamente las solicitudes web.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72D49ACA-0755-425C-9162-8D40D7AADDC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAB52597-3458-4816-8432-7948CA21B8C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FEB20C7-882C-44DB-86BF-FC56D4B5CD2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86207D1B-AE1B-4826-B07A-75815A5ED06B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E96E6585-EA7C-47A7-B6EF-9926758E90DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"292C4DAD-1CBB-41DF-9E45-F8D594C03097\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A5B65AF-6AE0-4CB0-9877-E8EF1C1A1D8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"E7A0531D-F1A2-46D8-B8A4-AE53BC691C3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"BC76DD26-1A09-419D-9156-16042FF7D508\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"2A701C76-6AC7-4230-B0C5-9CD91010349C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"6E801676-656E-43F6-8C4E-EE0BD5EAF23E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"69E0C257-E39A-4404-AFE5-4D15BFA2DD7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"DE818227-C9F3-49BA-80D1-FA49FA46B8BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"B7E8D173-9F85-4796-8A97-A77A531A3C79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"893BD886-23DC-41E9-9DD1-C367F1638CFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"BA58DBE2-9E83-4D69-A8DD-AB4E0CBD17D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"2F9CCC49-348F-44A3-8412-17B689B0B0B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"40ACE580-63FC-44A6-A1A3-19113BCF96B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"88D4AEE2-23B8-4FE6-A118-66735EF8BA5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"3A31726B-E001-4568-9538-150C438D4D82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"22473819-A864-4568-BB4F-B1B61D6BE768\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"25F6E532-9282-4444-BE83-1D4254B78E98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"3D3B725F-E01E-4B44-B6FE-D384CB081880\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"CD9CA7E6-4622-48CE-87DD-43850E6A3D94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"9F0BE208-E908-4D55-ABC0-01899A7BCF3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"BEB9143D-39A5-4A1A-8CF6-50A234476914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"784D8767-E542-4BEA-AC04-190EB86ACE44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"B051C0F9-2D90-4F21-A4A3-49E52E4580F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"24849B2C-4475-4F63-99F8-D63AC7455AFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"E53251EE-7C63-4597-817D-E0E046D45E7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"C4B607A3-3637-4785-A7FA-074B370B57A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"10769FE6-90C1-41EF-B59C-2DF602798AA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"BEE6B70C-4E71-4EA2-9B3A-1B118CEE8461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"9F2FF0F8-0447-442F-99C7-AAE364942263\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"82A352B2-00B5-40EB-A053-3871999FF549\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"1CBD8554-F155-4265-9ABA-27F2CFDB6645\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"1D0612F5-8621-4FEB-B84D-6116CD92C671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"D917236C-B53D-454C-9FCD-4D0F48849C8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"B337AA31-B98C-47BD-B5C3-F2699FD0F3FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"32B849F2-CD4B-45DB-86DD-77248ED82C56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"3FAB9E0E-D0D9-45F6-88CA-F16F859C33C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"5A08EDE3-035D-4A4F-AF2A-FDFC02264841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"28A15818-8AB8-4253-9D82-D968B05D4416\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"C59BDECB-3184-4BE3-91B5-4703170D6E72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"F861A072-D917-4BF5-99D3-3C9AD99A70EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"79F08C0E-5A28-4A8D-9987-CC273A38CDB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"F8A9187E-AAF3-4186-9014-13D304463F44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"19022A88-C140-4C64-8BAD-43CE0E448D78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"36170C72-162C-44F1-8291-DCF12AAC3D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"97E0DE96-A8CA-4395-8955-3223754A7678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"95D892B0-08CD-479B-8DBA-2E296A2139EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"18B1353C-D7FF-4B05-A0E0-17E06BB0BB01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"16E5978D-49B7-4948-A57F-D0903CC2726B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"D9FA1BA0-6E3F-46FD-BBEC-0546A3B973B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"175E800A-6295-4EDD-AD76-AED50C4ED29F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"DD429092-758C-40E2-9B62-552062DE5C99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"4B124905-C4EB-4943-BF9D-97DD9C63C773\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"F1382D94-3442-4770-99BC-A803DB7D99CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"CCF8ED4C-E275-4CCD-8D37-EFBB858731FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"72682900-3DEA-43E8-9E60-04D8AA575353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"2614708B-D88A-45D1-989A-EC1F18B2ECF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"744B9E1F-ADB9-4B4B-AFAD-EAD5C91EEBAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"A43E17E5-B98E-4ED2-8745-DCEEBF7D122D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"48101840-E58F-4E2D-BA2D-8D07F76E1EB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"20669ACD-4EA1-4B4A-A26B-E4F702B7FB50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"7FC1D9F9-FFC7-46DD-B5BD-518198BD6B7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"56285B40-74FB-4AE4-9998-09D3CC2FA76B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"4322AC03-A133-4778-A2F1-AD509764BB00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"E4779EAE-28C3-454F-853C-45D7A4B264BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"34EB1A01-873A-4395-84D9-B048E2E12A43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"389FB05C-C41F-4162-B868-472A6FEE18BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"EBE430A8-4D97-4BAC-ABCE-4FE10766B8C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"4A657B85-FF9B-4ED8-BAEE-1BABC7CA2955\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"944C87F4-591A-46A3-A6BE-68CF070D2557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"83FB8E69-0103-4FAA-94D8-DA1FDF0532BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"6A5CA6EF-184A-4D35-A430-8D708041C139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"7264CABF-8603-445F-8728-A53575239BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"776B722D-0DA6-4994-9323-06165E562489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"77A16675-CD3A-427B-888E-B1D8A51189AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"B28A24AD-C225-45B3-8156-5A8107A7073C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"DF9D2BE0-A57B-40B8-821F-65C29D9E6CD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"22B75008-7F05-4923-88D9-0D6619568C8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"C4A5D3CC-282D-484F-99E3-5D087F759C4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"8799CB21-5F98-4368-A1BC-2746438757CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"7A2D0F4D-432E-4E3F-AFC4-5FE00BBA309E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"B4315F2E-5272-4D09-80AF-A65AE52E37CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"9CCD4355-CE24-4F14-A348-BB76470E4DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"FF31C77E-67CA-481E-B4E2-2AE2941A4CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"79D7994A-ABDF-4F02-841D-B082917CA9F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"7B33EFE6-68BB-46FD-834D-B767641E1AC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"71FFFD6C-1243-480F-874E-3548EED2D471\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"76906A3F-9A22-453F-BCCF-35C248E6788C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"E7A176BB-A188-44A9-9E52-D385B13D328F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"DF881FCD-8E4C-47AC-ABED-05F805D3DED8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"06C3E2C7-C113-4224-8F4F-3BDD3B800B04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"EE31A209-11BA-45CB-8DC7-8E6CCBCEEC36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"F376D1B3-5801-4BC3-B060-39DC928A9838\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"2EBDCB70-2C4C-4EDC-8DF9-6CA99732F404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"0ACC7FBF-34A3-4A95-A7B0-396AB194976A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"AA8408AC-5380-4C77-BA49-C236F0CBB51F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*\",\"matchCriteriaId\":\"E73FEB32-4CCB-460F-BC5B-E9BBFB8A6F66\"}]}]}],\"references\":[{\"url\":\"https://github.com/aspnet/Announcements/issues/239\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.