CVE-2018-0785

Опубликовано: 10 янв. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability".

Ссылки

http://www.securityfocus.com/bid/102379
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040151
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0785
Patch
Vendor Advisory
http://www.securityfocus.com/bid/102379
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040151
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0785
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01924

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

CVE-2018-0785

msrc

больше 7 лет назад

ASP.NET Core Cross Site Request Forgery Vulnerabilty

GHSA-8r33-7h89-2vmx