CVE-2018-0787

Published: Mar 14, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".

Affected (3)

Products: Microsoft: Asp.net Core

Microsoft

1 product

Asp.net Core

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Asp.net Core	Version 1.0
Microsoft Asp.net Core	Version 1.1
Microsoft Asp.net Core	Version 2.0

Related CWEs

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (8)

http://www.securityfocus.com/bid/103282

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040525

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

https://github.com/aspnet/Announcements/issues/295

Source: secure@microsoft.com

Technical DescriptionThird Party Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787

Source: secure@microsoft.com

PatchVendor Advisory

http://www.securityfocus.com/bid/103282

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040525

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/aspnet/Announcements/issues/295

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.