CVE-2018-8171

2018-07-1100:29:00

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.8%

JSON

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka “ASP.NET Security Feature Bypass Vulnerability.” This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

CPENameOperatorVersion
aspnetcoreeq1.0.0-alpha3
aspnetcoreeq1.0.0-rc2
aspnetcoreeq1.0.0-beta4
aspnetcoreeq1.0.0-rc1-final
aspnetcoreeq1.0.0-beta5
aspnetcoreeq1.0.0-rc2-final
aspnetcoreeq1.0.0
aspnetcoreeq1.0.0-beta8
aspnetcoreeq1.0.0-rc1-update1
aspnetcoreeq1.0.0-beta6

Name	Operator	Version
aspnetcore	eq	1.0.0-alpha3
aspnetcore	eq	1.0.0-rc2
aspnetcore	eq	1.0.0-beta4
aspnetcore	eq	1.0.0-rc1-final
aspnetcore	eq	1.0.0-beta5
aspnetcore	eq	1.0.0-rc2-final
aspnetcore	eq	1.0.0
aspnetcore	eq	1.0.0-beta8
aspnetcore	eq	1.0.0-rc1-update1
aspnetcore	eq	1.0.0-beta6