CVE-2018-0787

HIGH8.8EPSS 17.5%

ASP.NET Core allow an elevation of privilege

發布日:2018/10/16修改日:2023/11/8

描述

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".

受影響套件(2)

NuGet/Microsoft.AspNetCore.HttpOverrides>= 2.0.0, < 2.0.2
NuGet/Microsoft.AspNetCore.Server.Kestrel.Core>= 2.0.0, < 2.0.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

參考連結(6)

ADVISORYhttps://github.com/advisories/GHSA-365p-96qv-xr7g
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-0787
WEBhttps://github.com/aspnet/Announcements/issues/295
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787
WEBhttp://www.securityfocus.com/bid/103282
WEBhttp://www.securitytracker.com/id/1040525