Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
24 vulnerabilities found for ASP.NET by Microsoft
VAR-201705-3317
Vulnerability from variot - Updated: 2023-12-18 13:24A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to forge requests. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3317",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.3.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "4.1.1"
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "core"
},
{
"model": "asp.net",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "BID",
"id": "98290"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0256"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikhail Shcherbakov",
"sources": [
{
"db": "BID",
"id": "98290"
}
],
"trust": 0.3
},
"cve": "CVE-2017-0256",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-0256",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-08173",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-0256",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-0256",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-08173",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-735",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-0256",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. Attackers can use this vulnerability to forge requests. \nAn attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
},
{
"db": "BID",
"id": "98290"
},
{
"db": "VULMON",
"id": "CVE-2017-0256"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-0256",
"trust": 3.4
},
{
"db": "BID",
"id": "98290",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-08173",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-0256",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"db": "BID",
"id": "98290"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"id": "VAR-201705-3317",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
}
]
},
"last_update_date": "2023-12-18T13:24:27.044000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239",
"trust": 0.8,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"title": "Patch for Microsoft ASP.NET Core Spoofing Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94465"
},
{
"title": "Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70330"
},
{
"title": "OssIndexClient",
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/shiftingleft/dotnet-scm-test "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/jnewman-sonatype/dotnettest "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "NVD",
"id": "CVE-2017-0256"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0256"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0256"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "https://technet.microsoft.com/library/security/4021279.aspx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/98290"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53814"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"db": "BID",
"id": "98290"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"db": "BID",
"id": "98290"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"date": "2017-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"date": "2017-05-10T00:00:00",
"db": "BID",
"id": "98290"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"date": "2017-05-12T14:29:04.457000",
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"date": "2017-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08173"
},
{
"date": "2021-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0256"
},
{
"date": "2017-05-23T16:25:00",
"db": "BID",
"id": "98290"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003295"
},
{
"date": "2021-06-30T16:54:22.617000",
"db": "NVD",
"id": "CVE-2017-0256"
},
{
"date": "2021-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft ASP.NET Core Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003295"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-735"
}
],
"trust": 0.6
}
}
VAR-201801-1126
Vulnerability from variot - Updated: 2023-12-18 13:02ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808. This vulnerability CVE-2018-0808 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could use this vulnerability to perform a content injection attack and execute a script in the current user's security context. An attacker can exploit this issue to gain elevated privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asp.net core",
"scope": "eq",
"trust": 3.3,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "BID",
"id": "102377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "NVD",
"id": "CVE-2018-0784"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0784"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "K\u00e9vin Chalet",
"sources": [
{
"db": "BID",
"id": "102377"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0784",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-0784",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-00899",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-0784",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-0784",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-00899",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-406",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "NVD",
"id": "CVE-2018-0784"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0808. This vulnerability CVE-2018-0808 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could use this vulnerability to perform a content injection attack and execute a script in the current user\u0027s security context. \nAn attacker can exploit this issue to gain elevated privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0784"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
},
{
"db": "BID",
"id": "102377"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0784",
"trust": 3.3
},
{
"db": "BID",
"id": "102377",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1040151",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-00899",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "BID",
"id": "102377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "NVD",
"id": "CVE-2018-0784"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
}
]
},
"id": "VAR-201801-1126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
}
],
"trust": 0.81178882
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
}
]
},
"last_update_date": "2023-12-18T13:02:48.494000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-0784 | ASP.NET Core Elevation Of Privilege Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0784"
},
{
"title": "CVE-2018-0784 | ASP.NET Core \u306e\u7279\u6a29\u306e\u6607\u683c\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-0784"
},
{
"title": "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability (CNVD-2018-00899)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/113385"
},
{
"title": "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77661"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "NVD",
"id": "CVE-2018-0784"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/102377"
},
{
"trust": 2.2,
"url": "http://www.securitytracker.com/id/1040151"
},
{
"trust": 1.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0784"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0784"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2018/at180002.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0784"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "BID",
"id": "102377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "NVD",
"id": "CVE-2018-0784"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"db": "BID",
"id": "102377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"db": "NVD",
"id": "CVE-2018-0784"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102377"
},
{
"date": "2018-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"date": "2018-01-10T01:29:00.243000",
"db": "NVD",
"id": "CVE-2018-0784"
},
{
"date": "2018-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-406"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00899"
},
{
"date": "2018-01-09T00:00:00",
"db": "BID",
"id": "102377"
},
{
"date": "2018-02-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001241"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-0784"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-406"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Vulnerability in which privileges are elevated",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001241"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-406"
}
],
"trust": 0.6
}
}
VAR-201705-3360
Vulnerability from variot - Updated: 2023-12-18 12:44An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3360",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.1"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.1"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "core"
},
{
"model": "asp.net core",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0249"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "98118"
}
],
"trust": 0.3
},
"cve": "CVE-2017-0249",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-0249",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07323",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-0249",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-0249",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-07323",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-736",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-0249",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Microsoft ASP.NET Core Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to gain access",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-0249",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-07323",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736",
"trust": 0.6
},
{
"db": "BID",
"id": "98118",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2017-0249",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"id": "VAR-201705-3360",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
}
],
"trust": 0.81178882
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
}
]
},
"last_update_date": "2023-12-18T12:44:36.871000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239",
"trust": 0.8,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"title": "Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94179"
},
{
"title": "Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70329"
},
{
"title": "OssIndexClient",
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/shiftingleft/dotnet-scm-test "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/jnewman-sonatype/dotnettest "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0249"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0249"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "https://technet.microsoft.com/library/security/4021279.aspx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/98118"
},
{
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53814"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"db": "BID",
"id": "98118"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"date": "2017-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"date": "2017-05-10T00:00:00",
"db": "BID",
"id": "98118"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"date": "2017-05-12T14:29:04.003000",
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07323"
},
{
"date": "2021-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0249"
},
{
"date": "2017-05-23T16:25:00",
"db": "BID",
"id": "98118"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003294"
},
{
"date": "2021-06-30T16:54:22.617000",
"db": "NVD",
"id": "CVE-2017-0249"
},
{
"date": "2021-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft ASP.NET Core Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003294"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-736"
}
],
"trust": 0.6
}
}
VAR-201705-3358
Vulnerability from variot - Updated: 2023-12-18 12:37A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3358",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.websockets.client",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.security",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.0"
},
{
"model": "system.text.encodings.web",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.0"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.3.1"
},
{
"model": "system.net.http.winhttphandler",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0.1"
},
{
"model": "system.net.http",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.dataannotations",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.0"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.taghelpers",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "microsoft.aspnetcore.mvc.apiexplorer",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.abstractions",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.webapicompatshim",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.3"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.json",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.razor.host",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.viewfeatures",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "microsoft.aspnetcore.mvc.cors",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.1"
},
{
"model": "asp.net model view controller",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.localization",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.0"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.1.2"
},
{
"model": "microsoft.aspnetcore.mvc.formatters.xml",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "1.0.2"
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "core"
},
{
"model": "asp.net core",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "asp.net",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.websockets.client:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.text.encodings.web:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.3.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http:4.3.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.abstractions:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.apiexplorer:1.1.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:asp.net_model_view_controller:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.cors:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.dataannotations:1.1.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.json:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.formatters.xml:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.localization:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.0.3:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.razor.host:1.1.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.taghelpers:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.viewfeatures:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:microsoft.aspnetcore.mvc.webapicompatshim:1.0.2:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.http.winhttphandler:4.0.1:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:system.net.security:4.0.0:*:*:*:*:asp.net:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0247"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Fernandez of Sidertia Solutions",
"sources": [
{
"db": "BID",
"id": "98116"
}
],
"trust": 0.3
},
"cve": "CVE-2017-0247",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-0247",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07322",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-0247",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-0247",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-07322",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-737",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-0247",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Microsoft ASP.NET Core Contains an input validation vulnerability.Information may be tampered with. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker can use this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-0247",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-07322",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737",
"trust": 0.6
},
{
"db": "BID",
"id": "98116",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2017-0247",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"id": "VAR-201705-3358",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
}
],
"trust": 0.81178882
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
}
]
},
"last_update_date": "2023-12-18T12:37:26.188000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Microsoft Security Advisory 4021279: Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege #239",
"trust": 0.8,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"title": "Patch for Microsoft ASP.NET Core Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94177"
},
{
"title": "Microsoft ASP.NET Core Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70331"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/dotnet/source-build-reference-packages "
},
{
"title": "OssIndexClient",
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/aspnet/announcements/issues/239"
},
{
"trust": 1.7,
"url": "https://www.sidertia.com/home/community/blog/2017/05/18/aspnet-core-unicode-non-char-encoding-dos"
},
{
"trust": 1.7,
"url": "https://technet.microsoft.com/en-us/library/security/4021279.aspx"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0247"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0247"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "https://technet.microsoft.com/library/security/4021279.aspx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/source-build-reference-packages"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/98116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/simoncropp/ossindexclient"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=53814"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"db": "BID",
"id": "98116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"date": "2017-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"date": "2017-05-10T00:00:00",
"db": "BID",
"id": "98116"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"date": "2017-05-12T14:29:03.910000",
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07322"
},
{
"date": "2021-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-0247"
},
{
"date": "2017-05-23T16:25:00",
"db": "BID",
"id": "98116"
},
{
"date": "2017-05-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003293"
},
{
"date": "2021-06-30T16:54:22.617000",
"db": "NVD",
"id": "CVE-2017-0247"
},
{
"date": "2021-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft ASP.NET Core Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003293"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-737"
}
],
"trust": 0.6
}
}
CVE-2018-8171 (GCVE-0-2018-8171)
Vulnerability from cvelistv5 – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:46
VLAI
Summary
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Severity
No CVSS data available.
CWE
- Security Feature Bypass
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1041267 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/104659 | vdb-entryx_refsource_BID |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | ASP.NET |
Affected:
Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5
Affected: Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3 |
|
| Microsoft | ASP.NET Core |
Affected:
1.0
Affected: 1.1 Affected: 2.0 |
|
| Microsoft | ASP.NET MVC 5.2 |
Affected:
Microsoft Visual Studio 2013 Update 5
Affected: Microsoft Visual Studio 2015 Update 3 |
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
},
{
"status": "affected",
"version": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
}
]
},
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "ASP.NET MVC 5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft Visual Studio 2013 Update 5"
},
{
"status": "affected",
"version": "Microsoft Visual Studio 2015 Update 3"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1041267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET",
"version": {
"version_data": [
{
"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
},
{
"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
}
]
}
},
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "2.0"
}
]
}
},
{
"product_name": "ASP.NET MVC 5.2",
"version": {
"version_data": [
{
"version_value": "Microsoft Visual Studio 2013 Update 5"
},
{
"version_value": "Microsoft Visual Studio 2015 Update 3"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041267",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104659"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8171",
"datePublished": "2018-07-11T00:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:46:13.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2088 (GCVE-0-2010-2088)
Vulnerability from cvelistv5 – Published: 2010-05-27 18:32 – Updated: 2024-09-16 22:21
VLAI
Summary
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.trustwave.com/spiderlabs/advisories/T… | x_refsource_MISC |
| http://www.blackhat.com/presentations/bh-dc-10/By… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:14.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-27T18:32:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
},
{
"name": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf",
"refsource": "MISC",
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2088",
"datePublished": "2010-05-27T18:32:00.000Z",
"dateReserved": "2010-05-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:21:05.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2084 (GCVE-0-2010-2084)
Vulnerability from cvelistv5 – Published: 2010-05-27 18:32 – Updated: 2024-09-16 17:43
VLAI
Summary
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.communities.hp.com/securitysoftware/bl… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-27T18:32:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx",
"refsource": "MISC",
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2084",
"datePublished": "2010-05-27T18:32:00.000Z",
"dateReserved": "2010-05-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:43:57.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1364 (GCVE-0-2006-1364)
Vulnerability from cvelistv5 – Published: 2006-03-23 11:00 – Updated: 2024-08-07 17:12
VLAI
Summary
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/428622/100… | mailing-listx_refsource_BUGTRAQ |
| http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip | x_refsource_MISC |
| http://securitytracker.com/id?1015825 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/17188 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/1601 | exploitx_refsource_EXPLOIT-DB |
| http://www.securiteam.com/windowsntfocus/5KP0O0KI… | x_refsource_MISC |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
Date Public
2006-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:20.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060322 w3wp remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428622/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip"
},
{
"name": "1015825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015825"
},
{
"name": "17188",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17188"
},
{
"name": "ms-aspnet-w3wp-dos(25392)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392"
},
{
"name": "1601",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html"
},
{
"name": "20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html"
},
{
"name": "20060322 w3wp remote DoS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060322 w3wp remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428622/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip"
},
{
"name": "1015825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015825"
},
{
"name": "17188",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17188"
},
{
"name": "ms-aspnet-w3wp-dos(25392)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392"
},
{
"name": "1601",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html"
},
{
"name": "20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html"
},
{
"name": "20060322 w3wp remote DoS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060322 w3wp remote DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428622/100/0/threaded"
},
{
"name": "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip",
"refsource": "MISC",
"url": "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip"
},
{
"name": "1015825",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015825"
},
{
"name": "17188",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17188"
},
{
"name": "ms-aspnet-w3wp-dos(25392)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392"
},
{
"name": "1601",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1601"
},
{
"name": "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html"
},
{
"name": "20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html"
},
{
"name": "20060322 w3wp remote DoS",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1364",
"datePublished": "2006-03-23T11:00:00.000Z",
"dateReserved": "2006-03-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:12:20.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2224 (GCVE-0-2005-2224)
Vulnerability from cvelistv5 – Published: 2005-07-12 04:00 – Updated: 2024-08-07 22:22
VLAI
Summary
aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.spidynamics.com/spilabs/advisories/asp… | x_refsource_MISC |
| http://www.securityfocus.com/bid/14217 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/16005 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:47.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.spidynamics.com/spilabs/advisories/aspRCP.html"
},
{
"name": "14217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14217"
},
{
"name": "16005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.spidynamics.com/spilabs/advisories/aspRCP.html"
},
{
"name": "14217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14217"
},
{
"name": "16005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.spidynamics.com/spilabs/advisories/aspRCP.html",
"refsource": "MISC",
"url": "http://www.spidynamics.com/spilabs/advisories/aspRCP.html"
},
{
"name": "14217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14217"
},
{
"name": "16005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2224",
"datePublished": "2005-07-12T04:00:00.000Z",
"dateReserved": "2005-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:22:47.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1665 (GCVE-0-2005-1665)
Vulnerability from cvelistv5 – Published: 2005-05-18 04:00 – Updated: 2024-08-07 21:59
VLAI
Summary
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=111513127704270&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://scottonwriting.net/sowblog/posts/3747.aspx | x_refsource_MISC |
| http://www.osvdb.org/16195 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/15241 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-05-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:23.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111513127704270\u0026w=2"
},
{
"name": "ms-aspnet-viewstate-dos(20408)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20408"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scottonwriting.net/sowblog/posts/3747.aspx"
},
{
"name": "16195",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16195"
},
{
"name": "15241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111513127704270\u0026w=2"
},
{
"name": "ms-aspnet-viewstate-dos(20408)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20408"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scottonwriting.net/sowblog/posts/3747.aspx"
},
{
"name": "16195",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16195"
},
{
"name": "15241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111513127704270\u0026w=2"
},
{
"name": "ms-aspnet-viewstate-dos(20408)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20408"
},
{
"name": "http://scottonwriting.net/sowblog/posts/3747.aspx",
"refsource": "MISC",
"url": "http://scottonwriting.net/sowblog/posts/3747.aspx"
},
{
"name": "16195",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16195"
},
{
"name": "15241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1665",
"datePublished": "2005-05-18T04:00:00.000Z",
"dateReserved": "2005-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:59:23.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1664 (GCVE-0-2005-1664)
Vulnerability from cvelistv5 – Published: 2005-05-18 04:00 – Updated: 2024-08-07 21:59
VLAI
Summary
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=111513127704270&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://scottonwriting.net/sowblog/posts/3747.aspx | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=111532887612517&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/15241 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/16196 | vdb-entryx_refsource_OSVDB |
Date Public
2005-05-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111513127704270\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scottonwriting.net/sowblog/posts/3747.aspx"
},
{
"name": "20050505 Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111532887612517\u0026w=2"
},
{
"name": "ms-aspnet-viewstate-replay(20409)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20409"
},
{
"name": "15241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15241"
},
{
"name": "16196",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application\u0027s state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111513127704270\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scottonwriting.net/sowblog/posts/3747.aspx"
},
{
"name": "20050505 Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111532887612517\u0026w=2"
},
{
"name": "ms-aspnet-viewstate-replay(20409)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20409"
},
{
"name": "15241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15241"
},
{
"name": "16196",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16196"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application\u0027s state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111513127704270\u0026w=2"
},
{
"name": "http://scottonwriting.net/sowblog/posts/3747.aspx",
"refsource": "MISC",
"url": "http://scottonwriting.net/sowblog/posts/3747.aspx"
},
{
"name": "20050505 Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111532887612517\u0026w=2"
},
{
"name": "ms-aspnet-viewstate-replay(20409)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20409"
},
{
"name": "15241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15241"
},
{
"name": "16196",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16196"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1664",
"datePublished": "2005-05-18T04:00:00.000Z",
"dateReserved": "2005-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:59:24.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0452 (GCVE-0-2005-0452)
Vulnerability from cvelistv5 – Published: 2005-02-16 05:00 – Updated: 2024-08-07 21:13
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=110867912714913&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/14214 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/12574 | vdb-entryx_refsource_BID |
| http://it-project.ru/andir/docs/aspxvuln/aspxvuln… | x_refsource_MISC |
Date Public
2005-02-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050217 XSS vulnerabilty in ASP.Net [with details]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110867912714913\u0026w=2"
},
{
"name": "14214",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14214"
},
{
"name": "12574",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12574"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including \"\u003e\" and \"\u003c\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050217 XSS vulnerabilty in ASP.Net [with details]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110867912714913\u0026w=2"
},
{
"name": "14214",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14214"
},
{
"name": "12574",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12574"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including \"\u003e\" and \"\u003c\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050217 XSS vulnerabilty in ASP.Net [with details]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110867912714913\u0026w=2"
},
{
"name": "14214",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14214"
},
{
"name": "12574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12574"
},
{
"name": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml",
"refsource": "MISC",
"url": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0452",
"datePublished": "2005-02-16T05:00:00.000Z",
"dateReserved": "2005-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:13:54.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0847 (GCVE-0-2004-0847)
Vulnerability from cvelistv5 – Published: 2004-10-06 04:00 – Updated: 2024-08-08 00:31
VLAI
Summary
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| http://sourceforge.net/mailarchive/forum.php?thre… | x_refsource_MISC |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.us-cert.gov/cas/techalerts/TA05-039A.html | third-party-advisoryx_refsource_CERT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.kb.cert.org/vuls/id/283646 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/11342 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/ntbugtraq/… | mailing-listx_refsource_NTBUGTRAQ |
Date Public
2004-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS05-004",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-004"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607\u0026forum_id=24754"
},
{
"name": "oval:org.mitre.oval:def:4987",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4987"
},
{
"name": "TA05-039A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "windows-forms-security-bypass(17644)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17644"
},
{
"name": "oval:org.mitre.oval:def:3556",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3556"
},
{
"name": "VU#283646",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/283646"
},
{
"name": "11342",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11342"
},
{
"name": "20040914 Security bug in .NET Forms Authentication",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) \"\\\" (backslash) or (2) \"%5C\" (encoded backslash), aka \"Path Validation Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS05-004",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-004"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607\u0026forum_id=24754"
},
{
"name": "oval:org.mitre.oval:def:4987",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4987"
},
{
"name": "TA05-039A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "windows-forms-security-bypass(17644)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17644"
},
{
"name": "oval:org.mitre.oval:def:3556",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3556"
},
{
"name": "VU#283646",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/283646"
},
{
"name": "11342",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11342"
},
{
"name": "20040914 Security bug in .NET Forms Authentication",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) \"\\\" (backslash) or (2) \"%5C\" (encoded backslash), aka \"Path Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS05-004",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-004"
},
{
"name": "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607\u0026forum_id=24754",
"refsource": "MISC",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607\u0026forum_id=24754"
},
{
"name": "oval:org.mitre.oval:def:4987",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4987"
},
{
"name": "TA05-039A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "windows-forms-security-bypass(17644)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17644"
},
{
"name": "oval:org.mitre.oval:def:3556",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3556"
},
{
"name": "VU#283646",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/283646"
},
{
"name": "11342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11342"
},
{
"name": "20040914 Security bug in .NET Forms Authentication",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0847",
"datePublished": "2004-10-06T04:00:00.000Z",
"dateReserved": "2004-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:31:47.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0768 (GCVE-0-2003-0768)
Vulnerability from cvelistv5 – Published: 2003-09-12 04:00 – Updated: 2024-08-08 02:05
VLAI
Summary
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=106304326916062&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2003-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106304326916062\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106304326916062\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106304326916062\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0768",
"datePublished": "2003-09-12T04:00:00.000Z",
"dateReserved": "2003-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:05:12.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8171 (GCVE-0-2018-8171)
Vulnerability from nvd – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:46
VLAI
Summary
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Severity
No CVSS data available.
CWE
- Security Feature Bypass
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1041267 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/104659 | vdb-entryx_refsource_BID |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | ASP.NET |
Affected:
Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5
Affected: Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3 |
|
| Microsoft | ASP.NET Core |
Affected:
1.0
Affected: 1.1 Affected: 2.0 |
|
| Microsoft | ASP.NET MVC 5.2 |
Affected:
Microsoft Visual Studio 2013 Update 5
Affected: Microsoft Visual Studio 2015 Update 3 |
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:46:13.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ASP.NET",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
},
{
"status": "affected",
"version": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
}
]
},
{
"product": "ASP.NET Core",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "ASP.NET MVC 5.2",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Microsoft Visual Studio 2013 Update 5"
},
{
"status": "affected",
"version": "Microsoft Visual Studio 2015 Update 3"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T09:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1041267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET",
"version": {
"version_data": [
{
"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
},
{
"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
}
]
}
},
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "2.0"
}
]
}
},
{
"product_name": "ASP.NET MVC 5.2",
"version": {
"version_data": [
{
"version_value": "Microsoft Visual Studio 2013 Update 5"
},
{
"version_value": "Microsoft Visual Studio 2015 Update 3"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041267",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104659"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8171",
"datePublished": "2018-07-11T00:00:00.000Z",
"dateReserved": "2018-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:46:13.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2088 (GCVE-0-2010-2088)
Vulnerability from nvd – Published: 2010-05-27 18:32 – Updated: 2024-09-16 22:21
VLAI
Summary
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.trustwave.com/spiderlabs/advisories/T… | x_refsource_MISC |
| http://www.blackhat.com/presentations/bh-dc-10/By… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:14.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-27T18:32:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
},
{
"name": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf",
"refsource": "MISC",
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2088",
"datePublished": "2010-05-27T18:32:00.000Z",
"dateReserved": "2010-05-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:21:05.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2084 (GCVE-0-2010-2084)
Vulnerability from nvd – Published: 2010-05-27 18:32 – Updated: 2024-09-16 17:43
VLAI
Summary
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.communities.hp.com/securitysoftware/bl… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-27T18:32:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx",
"refsource": "MISC",
"url": "http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2010/03/30/configuration-is-half-the-battle-asp-net-and-cross-site-scripting.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2084",
"datePublished": "2010-05-27T18:32:00.000Z",
"dateReserved": "2010-05-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:43:57.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1364 (GCVE-0-2006-1364)
Vulnerability from nvd – Published: 2006-03-23 11:00 – Updated: 2024-08-07 17:12
VLAI
Summary
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/428622/100… | mailing-listx_refsource_BUGTRAQ |
| http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip | x_refsource_MISC |
| http://securitytracker.com/id?1015825 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/17188 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/1601 | exploitx_refsource_EXPLOIT-DB |
| http://www.securiteam.com/windowsntfocus/5KP0O0KI… | x_refsource_MISC |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
Date Public
2006-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:12:20.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060322 w3wp remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428622/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip"
},
{
"name": "1015825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015825"
},
{
"name": "17188",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17188"
},
{
"name": "ms-aspnet-w3wp-dos(25392)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392"
},
{
"name": "1601",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/1601"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html"
},
{
"name": "20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html"
},
{
"name": "20060322 w3wp remote DoS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060322 w3wp remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428622/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip"
},
{
"name": "1015825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015825"
},
{
"name": "17188",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17188"
},
{
"name": "ms-aspnet-w3wp-dos(25392)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392"
},
{
"name": "1601",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/1601"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html"
},
{
"name": "20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html"
},
{
"name": "20060322 w3wp remote DoS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060322 w3wp remote DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428622/100/0/threaded"
},
{
"name": "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip",
"refsource": "MISC",
"url": "http://hackingspirits.com/vuln-rnd/w3wp-remote-dos.zip"
},
{
"name": "1015825",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015825"
},
{
"name": "17188",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17188"
},
{
"name": "ms-aspnet-w3wp-dos(25392)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25392"
},
{
"name": "1601",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1601"
},
{
"name": "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5KP0O0KI0Y.html"
},
{
"name": "20060322 w3wp remote DoS due to improper reference of STA COM components in ASP.NET",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044291.html"
},
{
"name": "20060322 w3wp remote DoS",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044292.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1364",
"datePublished": "2006-03-23T11:00:00.000Z",
"dateReserved": "2006-03-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:12:20.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2224 (GCVE-0-2005-2224)
Vulnerability from nvd – Published: 2005-07-12 04:00 – Updated: 2024-08-07 22:22
VLAI
Summary
aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.spidynamics.com/spilabs/advisories/asp… | x_refsource_MISC |
| http://www.securityfocus.com/bid/14217 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/16005 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:47.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.spidynamics.com/spilabs/advisories/aspRCP.html"
},
{
"name": "14217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14217"
},
{
"name": "16005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.spidynamics.com/spilabs/advisories/aspRCP.html"
},
{
"name": "14217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14217"
},
{
"name": "16005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.spidynamics.com/spilabs/advisories/aspRCP.html",
"refsource": "MISC",
"url": "http://www.spidynamics.com/spilabs/advisories/aspRCP.html"
},
{
"name": "14217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14217"
},
{
"name": "16005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2224",
"datePublished": "2005-07-12T04:00:00.000Z",
"dateReserved": "2005-07-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:22:47.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1665 (GCVE-0-2005-1665)
Vulnerability from nvd – Published: 2005-05-18 04:00 – Updated: 2024-08-07 21:59
VLAI
Summary
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=111513127704270&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://scottonwriting.net/sowblog/posts/3747.aspx | x_refsource_MISC |
| http://www.osvdb.org/16195 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/15241 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-05-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:23.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111513127704270\u0026w=2"
},
{
"name": "ms-aspnet-viewstate-dos(20408)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20408"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scottonwriting.net/sowblog/posts/3747.aspx"
},
{
"name": "16195",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16195"
},
{
"name": "15241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111513127704270\u0026w=2"
},
{
"name": "ms-aspnet-viewstate-dos(20408)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20408"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scottonwriting.net/sowblog/posts/3747.aspx"
},
{
"name": "16195",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16195"
},
{
"name": "15241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111513127704270\u0026w=2"
},
{
"name": "ms-aspnet-viewstate-dos(20408)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20408"
},
{
"name": "http://scottonwriting.net/sowblog/posts/3747.aspx",
"refsource": "MISC",
"url": "http://scottonwriting.net/sowblog/posts/3747.aspx"
},
{
"name": "16195",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16195"
},
{
"name": "15241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1665",
"datePublished": "2005-05-18T04:00:00.000Z",
"dateReserved": "2005-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:59:23.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1664 (GCVE-0-2005-1664)
Vulnerability from nvd – Published: 2005-05-18 04:00 – Updated: 2024-08-07 21:59
VLAI
Summary
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=111513127704270&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://scottonwriting.net/sowblog/posts/3747.aspx | x_refsource_MISC |
| http://marc.info/?l=bugtraq&m=111532887612517&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/15241 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/16196 | vdb-entryx_refsource_OSVDB |
Date Public
2005-05-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111513127704270\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scottonwriting.net/sowblog/posts/3747.aspx"
},
{
"name": "20050505 Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111532887612517\u0026w=2"
},
{
"name": "ms-aspnet-viewstate-replay(20409)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20409"
},
{
"name": "15241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15241"
},
{
"name": "16196",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application\u0027s state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111513127704270\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scottonwriting.net/sowblog/posts/3747.aspx"
},
{
"name": "20050505 Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111532887612517\u0026w=2"
},
{
"name": "ms-aspnet-viewstate-replay(20409)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20409"
},
{
"name": "15241",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15241"
},
{
"name": "16196",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16196"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application\u0027s state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050503 ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111513127704270\u0026w=2"
},
{
"name": "http://scottonwriting.net/sowblog/posts/3747.aspx",
"refsource": "MISC",
"url": "http://scottonwriting.net/sowblog/posts/3747.aspx"
},
{
"name": "20050505 Re: ASP.NET __VIEWSTATE crypto validation prone to replay attacks",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111532887612517\u0026w=2"
},
{
"name": "ms-aspnet-viewstate-replay(20409)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20409"
},
{
"name": "15241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15241"
},
{
"name": "16196",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16196"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1664",
"datePublished": "2005-05-18T04:00:00.000Z",
"dateReserved": "2005-05-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:59:24.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0452 (GCVE-0-2005-0452)
Vulnerability from nvd – Published: 2005-02-16 05:00 – Updated: 2024-08-07 21:13
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=110867912714913&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/14214 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/12574 | vdb-entryx_refsource_BID |
| http://it-project.ru/andir/docs/aspxvuln/aspxvuln… | x_refsource_MISC |
Date Public
2005-02-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050217 XSS vulnerabilty in ASP.Net [with details]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110867912714913\u0026w=2"
},
{
"name": "14214",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14214"
},
{
"name": "12574",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12574"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including \"\u003e\" and \"\u003c\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050217 XSS vulnerabilty in ASP.Net [with details]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110867912714913\u0026w=2"
},
{
"name": "14214",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14214"
},
{
"name": "12574",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12574"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including \"\u003e\" and \"\u003c\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050217 XSS vulnerabilty in ASP.Net [with details]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110867912714913\u0026w=2"
},
{
"name": "14214",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14214"
},
{
"name": "12574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12574"
},
{
"name": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml",
"refsource": "MISC",
"url": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0452",
"datePublished": "2005-02-16T05:00:00.000Z",
"dateReserved": "2005-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:13:54.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0847 (GCVE-0-2004-0847)
Vulnerability from nvd – Published: 2004-10-06 04:00 – Updated: 2024-08-08 00:31
VLAI
Summary
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://docs.microsoft.com/en-us/security-updates… | vendor-advisoryx_refsource_MS |
| http://sourceforge.net/mailarchive/forum.php?thre… | x_refsource_MISC |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.us-cert.gov/cas/techalerts/TA05-039A.html | third-party-advisoryx_refsource_CERT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.kb.cert.org/vuls/id/283646 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/11342 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/ntbugtraq/… | mailing-listx_refsource_NTBUGTRAQ |
Date Public
2004-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS05-004",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-004"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607\u0026forum_id=24754"
},
{
"name": "oval:org.mitre.oval:def:4987",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4987"
},
{
"name": "TA05-039A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "windows-forms-security-bypass(17644)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17644"
},
{
"name": "oval:org.mitre.oval:def:3556",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3556"
},
{
"name": "VU#283646",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/283646"
},
{
"name": "11342",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11342"
},
{
"name": "20040914 Security bug in .NET Forms Authentication",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) \"\\\" (backslash) or (2) \"%5C\" (encoded backslash), aka \"Path Validation Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS05-004",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-004"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607\u0026forum_id=24754"
},
{
"name": "oval:org.mitre.oval:def:4987",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4987"
},
{
"name": "TA05-039A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "windows-forms-security-bypass(17644)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17644"
},
{
"name": "oval:org.mitre.oval:def:3556",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3556"
},
{
"name": "VU#283646",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/283646"
},
{
"name": "11342",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11342"
},
{
"name": "20040914 Security bug in .NET Forms Authentication",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) \"\\\" (backslash) or (2) \"%5C\" (encoded backslash), aka \"Path Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS05-004",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-004"
},
{
"name": "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607\u0026forum_id=24754",
"refsource": "MISC",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=5671607\u0026forum_id=24754"
},
{
"name": "oval:org.mitre.oval:def:4987",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4987"
},
{
"name": "TA05-039A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "windows-forms-security-bypass(17644)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17644"
},
{
"name": "oval:org.mitre.oval:def:3556",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3556"
},
{
"name": "VU#283646",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/283646"
},
{
"name": "11342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11342"
},
{
"name": "20040914 Security bug in .NET Forms Authentication",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2004-q3/0221.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0847",
"datePublished": "2004-10-06T04:00:00.000Z",
"dateReserved": "2004-09-08T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:31:47.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0768 (GCVE-0-2003-0768)
Vulnerability from nvd – Published: 2003-09-12 04:00 – Updated: 2024-08-08 02:05
VLAI
Summary
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=106304326916062&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2003-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106304326916062\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106304326916062\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106304326916062\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0768",
"datePublished": "2003-09-12T04:00:00.000Z",
"dateReserved": "2003-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:05:12.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}