CVE-2018-0787

CWE-6405 documents5 sources

Severity

8.8HIGH

EPSS

17.5%

top 4.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Asp.net Core Microsoft Asp.net Core

Timeline

PublishedMar 14

Latest updateOct 16

Description

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NuGetMicrosoft.AspNetCore.HttpOverrides2.0.0 — 2.0.2

▶NuGetMicrosoft.AspNetCore.Server.Kestrel.Core2.0.0 — 2.0.2

▶NVDmicrosoft/asp.net_core1.0, 1.1, 2.0+2

▶CVEListV5microsoft_corporation/asp.net_coreASP.NET Core 1.0. 1.1, and 2.0

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

ASP.NET Core allow an elevation of privilege↗2018-10-16

▶

OSV

ASP.NET Core allow an elevation of privilege↗2018-10-16

▶

CVEList

CVE-2018-0787: ASP↗2018-03-14

▶

📋Vendor Advisories

Microsoft

ASP.NET Core Elevation of Privilege Vulnerability↗2018-03-13

▶