CVE-2018-0808

5 documents5 sources

Severity

7.5HIGH

EPSS

12.8%

top 5.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Asp.net Core Microsoft Asp.net Core

Timeline

PublishedMar 14

Latest updateMay 13

Description

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDmicrosoft/asp.net_core1.0, 1.1, 2.0+2

▶CVEListV5microsoft_corporation/asp.net_coreASP.NET Core 1.0. 1.1, and 2.0

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-4f6j-pw77-g8r4: ASP↗2022-05-13

▶

CVEList

CVE-2018-0808: ASP↗2018-03-14

▶

📋Vendor Advisories

Microsoft

ASP.NET Core Denial of Service Vulnerability↗2018-03-13

▶