CVE-2018-0787
HIGHASP.NET Core 1.0, 1.1, 2.0 - Elevation of Privilege via Web Request Validation
Title source: llmDescription
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040525
Technical Description, Third Party Advisory x_refsource_confirm
https://github.com/aspnet/Announcements/issues/295
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103282
Scores
CVSS v3
8.8
EPSS
0.0968
EPSS Percentile
94.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-640
Status
published
Products (5)
microsoft/asp.net_core
1.0
microsoft/asp.net_core
1.1
microsoft/asp.net_core
2.0
nuget/Microsoft.AspNetCore.HttpOverrides
2.0.0 - 2.0.2NuGet
nuget/Microsoft.AspNetCore.Server.Kestrel.Core
2.0.0 - 2.0.2NuGet
Published
Mar 14, 2018
Tracked Since
Feb 18, 2026