Описание
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Technical DescriptionThird Party Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Technical DescriptionThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08682
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-640
Связанные уязвимости
EPSS
Процентиль: 92%
0.08682
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-640