CVE-2017-8700

12 documents8 sources

Severity

7.5HIGH

EPSS

7.5%

top 8.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Asp.net Core Microsoft Asp.net Core

Timeline

PublishedNov 15

Latest updateMay 13

Description

ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NuGetMicrosoft.AspNetCore.Mvc.Cors1.0.0 — 1.0.6+1

▶NuGetMicrosoft.AspNetCore.Mvc.Core1.0.0 — 1.0.6+1

▶NVDmicrosoft/asp.net_core1.0, 1.1, 2.0+2

▶CVEListV5microsoft_corporation/asp.net_coreASP.NET Core 1.0, 1.1, and 2.0

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

Cross-origin Resource Sharing bypass in ASP.NET Core↗2022-05-13

▶

GHSA

Cross-origin Resource Sharing bypass in ASP.NET Core↗2022-05-13

▶

CVEList

CVE-2017-8700: ASP↗2017-11-15

▶

📋Vendor Advisories

Red Hat

ASP.NET: CORS not properly applied↗2017-11-14

▶

Microsoft

ASP.NET Core Information Disclosure Vulnerability↗2017-11-14

▶

🕵️Threat Intelligence

Qualys

November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update↗2017-11-14

▶

💬Community

Bugzilla

CVE-2017-8700 ASP.NET: CORS not properly applied↗2017-11-14

▶

Bugzilla

CVE-2016-8685 CVE-2016-8686 CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 CVE-2017-7263 potrace: Multiple ↗2016-10-17

▶