CVE-2017-0249

Severity
7.3 HIGH
EPSS
5.8%
top 9.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published May 12
Latest update Oct 16

Description

An elevation of privilege vulnerability exists when ASP.NET Core fails to properly sanitize web requests.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 | Impact: 3.4

Affected Packages: 39 packages

NuGet  Microsoft.AspNetCore.Mvc  1.0.0  1.0.4  +1
NuGet  Microsoft.AspNetCore.Mvc.Core  1.0.0  1.0.4  +1
NuGet  Microsoft.AspNetCore.Mvc.Cors  1.0.0  1.0.4  +1
NuGet  Microsoft.AspNetCore.Mvc.Razor  1.0.0  1.0.4  +1
NuGet  Microsoft.AspNetCore.Mvc.Razor.Host  1.0.0  1.0.4  +1

Vulnerability Details (3)

OSV: High severity vulnerability that affects Microsoft.AspNetCore.Mvc (2018-10-16)
GHSA: High severity vulnerability that affects Microsoft.AspNetCore.Mvc (2018-10-16)
CVEList: CVE-2017-0249: An elevation of privilege vulnerability exists when the ASP (2017-05-12)

Community (3)

Bugzilla: CVE-2016-7033 JBoss bpms: stored XSS in dashbuilder (2016-09-06)
Bugzilla: CVE-2016-6344 JBoss bpms 6.3.x cookie does not set httponly (2016-08-31)
Bugzilla: CVE-2016-4434 tika: XML External Entity vulnerability (2016-05-27)