CVE-2017-0249
Published: 2017-05-12
CVE-2017-0249: An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
Priority P341 · high · 7.3 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:L
EPSS: 4.13% (89.6th percentile)
Affected
136 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | asp.net_model_view_controller | — | — |
| microsoft | asp.net_model_view_controller | — | — |
| microsoft | asp.net_model_view_controller | — | — |
| microsoft | asp.net_model_view_controller | — | — |
| microsoft | asp.net_model_view_controller | — | — |
| microsoft | asp.net_model_view_controller | — | — |
| microsoft | asp.net_model_view_controller | — | — |
| microsoft | microsoft.aspnetcore.mvc.abstractions | — | — |
| microsoft | microsoft.aspnetcore.mvc.abstractions | — | — |
| microsoft | microsoft.aspnetcore.mvc.abstractions | — | — |
| microsoft | microsoft.aspnetcore.mvc.abstractions | — | — |
| microsoft | microsoft.aspnetcore.mvc.abstractions | — | — |
| microsoft | microsoft.aspnetcore.mvc.abstractions | — | — |
| microsoft | microsoft.aspnetcore.mvc.abstractions | — | — |
| microsoft | microsoft.aspnetcore.mvc.abstractions | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.abstractions | >= 1.1.0 < 1.1.3 | 1.1.3 |
| microsoft | microsoft.aspnetcore.mvc.apiexplorer | — | — |
| microsoft | microsoft.aspnetcore.mvc.apiexplorer | — | — |
| microsoft | microsoft.aspnetcore.mvc.apiexplorer | — | — |
| microsoft | microsoft.aspnetcore.mvc.apiexplorer | — | — |
| microsoft | microsoft.aspnetcore.mvc.apiexplorer | — | — |
| microsoft | microsoft.aspnetcore.mvc.apiexplorer | — | — |
| microsoft | microsoft.aspnetcore.mvc.apiexplorer | — | — |
| microsoft | microsoft.aspnetcore.mvc.apiexplorer | >= 1.0.0 < 1.0.4 | 1.0.4 |
| microsoft | microsoft.aspnetcore.mvc.apiexplorer | >= 1.1.0 < 1.1.3 | 1.1.3 |
CVSS provenance
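| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.3 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| ghsa | | 7.3 | HIGH | |
| osv | | 7.3 | HIGH | |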
OSV
High severity vulnerability that affects Microsoft.AspNetCore.Mvc
osv·2018-10-16·CVSS 7.3
CVE-2017-0249 [HIGH] High severity vulnerability that affects Microsoft.AspNetCore.Mvc
See https://nvd.nist.gov/vuln/detail/CVE-2017-0249 & https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0249
GHSA
High severity vulnerability that affects Microsoft.AspNetCore.Mvc
ghsa·2018-10-16·CVSS 7.3
CVE-2017-0249 [HIGH] CWE-20 High severity vulnerability that affects Microsoft.AspNetCore.Mvc
See https://nvd.nist.gov/vuln/detail/CVE-2017-0249 & https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0249
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-7033 JBoss bpms: stored XSS in dashbuilder
bugzilla·2016-09-06·CVSS 6.1
CVE-2016-7033 [MEDIUM] CVE-2016-7033 JBoss bpms: stored XSS in dashbuilder
Multiple stored XSS have been found in admin pages in jbpms 6.3.2 dashbuilder.
The vulnerable points are only accessible by admins, so the risk is low; however, attackers may be able to exploit them by combining them with other vulnerabilities.
Discussion:
Acknowledgments:
Name: Jeremy Choi (Red Hat Product Security Team)
---
This issue has been addressed in the following products:
Red Hat JBoss BPM Suite 6.4.1
Via RHSA-2017:0249 https://rhn.redhat.com/errata/RHSA-2017-0249.html
Bugzilla
CVE-2016-6344 JBoss bpms 6.3.x cookie does not set httponly
bugzilla·2016-08-31·CVSS 5.3
CVE-2016-6344 [MEDIUM] CVE-2016-6344 JBoss bpms 6.3.x cookie does not set httponly
Cookies including JSESSIONID do not set httponly, so attackers may be able to use them to access information which needs authentication.
Discussion:
Acknowledgments:
Name: Jeremy Choi (Red Hat Product Security Team)
---
This issue has been addressed in the following products:
Red Hat JBoss BPM Suite 6.4.1
Via RHSA-2017:0249 https://rhn.redhat.com/errata/RHSA-2017-0249.html
---
This issue has been addressed in the following products:
Red Hat JBoss BRMS 6.4.1
Via RHSA-2017:0248 https://rhn.redhat.com/errata/RHSA-2017-0248.html
Bugzilla
CVE-2016-4434 tika: XML External Entity vulnerability
bugzilla·2016-05-27·CVSS 7.8
CVE-2016-4434 [HIGH] CVE-2016-4434 tika: XML External Entity vulnerability
Apache Tika parses XML within numerous file formats. In some instances, such as spreadsheets in OOXML files, XMP in PDF, and other file formats, the initialization of the XML parser or the choice of handlers did not protect against XML External Entity (XXE) vulnerabilities.
References:
http://seclists.org/oss-sec/2016/q2/413
Discussion:
Created tika tracking bugs for this issue:
Affects: fedora-all [bug 1340387]
---
This issue has been addressed in the following products:
Red Hat JBoss BPM Suite 6.4.1
Via RHSA-2017:0249 https://rhn.redhat.com/errata/RHSA-2017-0249.html
---
This issue has been addressed in the following products:
Red Hat JBoss BRMS 6.4.1
Via RHSA-2017:0248 https://rhn.redhat.com/errata/RHSA-2017-0248.html