CVE-2017-11879Open Redirect in Corporation Asp.net Core

CWE-601Open Redirect5 documents5 sources
Severity
8.8HIGHNVD
EPSS
9.8%
top 7.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Corporation Asp.net CoreMicrosoft Asp.net Core
Timeline
PublishedNov 15
Latest updateMay 14

Description

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5microsoft_corporation/asp.net_coreASP.NET Core 2.0

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
OSV
Open redirect in ASP.NET Core2022-05-14
GHSA
Open redirect in ASP.NET Core2022-05-14
CVEList
CVE-2017-11879: ASP2017-11-15

📋Vendor Advisories

1
Microsoft
ASP.NET Core Elevation Of Privilege Vulnerability2017-11-14
CVE-2017-11879 — Open Redirect | cvebase