5 matches found
CVE-2018-8171
CVE-2018-8171 is a Security Feature Bypass in ASP.NET where the system fails to validate the number of incorrect login attempts. Affected components include ASP.NET, ASP.NET Core 1.x (1.0–1.1), and ASP.NET MVC 5.2. The root cause is improper login attempt validation, enabling an attacker to repea...
CVE-2014-4075
CVE-2014-4075 is an XSS vulnerability affecting System.Web.Mvc.dll in Microsoft ASP.NET MVC versions 2.0–5.1. Remote attackers could inject arbitrary script or HTML via crafted pages. The vulnerability arises from how user input is encoded/handled in ASP.NET MVC, per the NVD description. Mitigati...
CVE-2017-0256
CVE-2017-0256 describes a spoofing vulnerability in ASP.NET Core due to improper sanitization/validation of web requests. Affected: Microsoft ASP.NET Core (and IBM Bluemix deployments of ASP.NET Core). Underlying issue: input not properly filtered, enabling spoofing scenarios. Impact per sources ...
CVE-2017-0247
The CVE affects Microsoft ASP.NET Core: a DoS vulnerability caused by improper validation of web requests in the TextEncoder.EncodeCore function. It applies to ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3, where remote attackers could trigger DoS by exploiting incorrect calculation of the...
CVE-2017-0249
CVE-2017-0249 affects Microsoft ASP.NET Core. A vulnerability in which ASP.NET Core fails to properly sanitize web requests could allow elevation of privileges. Reported CVSS v3 base score 7.3 (HIGH) with NETWORK attack vector, LOW confidentiality/integrity/availability impact. Connected IBM bull...