1. Home
  2. CVE Database
  3. CVE-2017-0256
MEDIUM · 5.3

CVE-2017-0256

A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

Vulnerability Description

A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
MicrosoftAsp.Net Model View Controller1.0.0
MicrosoftMicrosoft.Aspnetcore.Mvc.Abstractions1.0.0
MicrosoftMicrosoft.Aspnetcore.Mvc.Apiexplorer1.0.0
MicrosoftMicrosoft.Aspnetcore.Mvc.Cors1.0.0
MicrosoftMicrosoft.Aspnetcore.Mvc.Dataannotations1.0.0
MicrosoftMicrosoft.Aspnetcore.Mvc.Formatters.Json1.0.0
MicrosoftMicrosoft.Aspnetcore.Mvc.Formatters.Xml1.0.0
MicrosoftMicrosoft.Aspnetcore.Mvc.Localization1.0.0
MicrosoftMicrosoft.Aspnetcore.Mvc.Razor1.0.0
MicrosoftMicrosoft.Aspnetcore.Mvc.Razor.Host1.0.0
MicrosoftMicrosoft.Aspnetcore.Mvc.Taghelpers1.0.0
MicrosoftMicrosoft.Aspnetcore.Mvc.Viewfeatures1.0.0
MicrosoftMicrosoft.Aspnetcore.Mvc.Webapicompatshim1.0.0
MicrosoftSystem.Net.Http4.1.1
MicrosoftSystem.Net.Http.Winhttphandler4.0.1
MicrosoftSystem.Net.Security4.0.0
MicrosoftSystem.Net.Websockets.Client4.0.0
MicrosoftSystem.Text.Encodings.Web4.0.0

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2017-0256?

CVE-2017-0256 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

How severe is CVE-2017-0256?

CVE-2017-0256 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-0256?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Asp.Net Model View Controller, Microsoft Microsoft.Aspnetcore.Mvc.Abstractions, Microsoft Microsoft.Aspnetcore.Mvc.Apiexplorer, Microsoft Microsoft.Aspnetcore.Mvc.Cors, Microsoft Microsoft.Aspnetcore.Mvc.Dataannotations.