CVE-2018-8171

Опубликовано: 11 июл. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.

Ссылки

http://www.securityfocus.com/bid/104659
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041267
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171
Patch
Vendor Advisory
http://www.securityfocus.com/bid/104659
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041267
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:asp.net_model_view_controller:5.2:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:asp.net_webpages:3.2.3:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.16829

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2018-8171

msrc

больше 7 лет назад

ASP.NET Security Feature Bypass Vulnerability

GHSA-vhvh-528q-ff3p