Vulnerability Description
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Asp.Net Core | 1.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103282Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040525Third Party AdvisoryVDB Entry
- https://github.com/aspnet/Announcements/issues/295Technical DescriptionThird Party Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787PatchVendor Advisory
- http://www.securityfocus.com/bid/103282Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040525Third Party AdvisoryVDB Entry
- https://github.com/aspnet/Announcements/issues/295Technical DescriptionThird Party Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787PatchVendor Advisory
FAQ
What is CVE-2018-0787?
CVE-2018-0787 is a vulnerability with a CVSS score of 8.8 (HIGH). ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege...
How severe is CVE-2018-0787?
CVE-2018-0787 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0787?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Asp.Net Core.