We found results for “”
CVE-2018-0787
Good to know:
Date: March 13, 2018
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
Language: C#
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Weak Password Recovery Mechanism for Forgotten Password
CWE-640Top Fix
Upgrade Version
Upgrade to version Microsoft.AspNetCore.HttpOverrides - 2.0.2, Microsoft.AspNetCore.Server.Kestrel.Core - 2.0.2
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | PARTIAL |
Additional information: |