CVE-2019-1075

CWE-601Open Redirect5 documents5 sources
Severity
6.1MEDIUM
EPSS
0.4%
top 38.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Asp.net Core
Timeline
PublishedJul 15
Latest updateMay 24

Description

A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages6 packages

NuGetMicrosoft.AspNetCore.All2.2.02.2.6+1
NuGetMicrosoft.AspNetCore.App2.2.02.2.6+1
NuGetMicrosoft.AspNetCore.Server.IIS2.2.02.2.6
NuGetMicrosoft.AspNetCore.Server.HttpSys2.2.02.2.6+1
CVEListV5microsoft/asp.net_core2.1, 2.2+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
Open redirect in ASP.NET Core2022-05-24
OSV
Open redirect in ASP.NET Core2022-05-24
CVEList
CVE-2019-1075: A spoofing vulnerability exists in ASP2019-07-15

📋Vendor Advisories

1
Microsoft
ASP.NET Core Spoofing Vulnerability2019-07-09
CVE-2019-1075 (MEDIUM CVSS 6.1) | A spoofing vulnerability exists in | cvebase.io