Lucene search

[email protected]CVE-2017-11879

HistoryNov 15, 2017 - 3:29 a.m.

CVE-2017-11879

2017-11-1503:29:00

CWE-601

[email protected]

web.nvd.nist.gov

cve-2017-11879

asp.net core 2.0

elevation of privilege

vulnerability

security

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.6%

JSON

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka “ASP.NET Core Elevation Of Privilege Vulnerability”.

CPENameOperatorVersion
microsoft:asp.net_coremicrosoft asp.net coreeq2.0

CPE	Name	Operator	Version
microsoft:asp.net_core	microsoft asp.net core	eq	2.0

References

www.securityfocus.com/bid/101713

www.securitytracker.com/id/1039793

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879

Social References

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for CVE-2017-11879

github1 cvelist1 prion1 mscve1 openvas1 osv2 veracode1 symantec1 nessus1 kaspersky2 threatpost1 trendmicroblog1 talosblog1