Описание
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".
Ссылки
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party AdvisoryVDB Entry
- Issue TrackingPatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party AdvisoryVDB Entry
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.21427
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.7
redhat
больше 7 лет назад
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".
CVSS3: 7.5
github
около 3 лет назад
Cross-origin Resource Sharing bypass in ASP.NET Core
EPSS
Процентиль: 95%
0.21427
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo