Multiple vulnerabilities in Microsoft ASP.NET Core



Published: 2017-11-14
Risk: Low
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2017-11883, CVE-2017-11879, CVE-2017-8700, CVE-2017-11770
CWE-ID: CWE-20, CWE-601, CWE-200
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #3 is available.
Vulnerable software
ASP.NET Core MVC
Universal components / Libraries / Software for developers

Vendor: Microsoft

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU9306

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-11883

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition on the target system.

The vulnerability exists due to improper handling of web requests by ASP.NET Core. A remote attacker can issue specially crafted requests to the .NET Core application and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

ASP.NET Core MVC: 1.0.0 - 2.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Open redirect

EUVDB-ID: #VU9307

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-11879

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to insufficient sanitization of untrusted input data when performing redirects to external websites. A remote attacker can create a specially crafted URL, redirect users to malicious websites and gain system privileges.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

ASP.NET Core MVC: 2.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU9308

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-8700

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper access control. A remote attacker can bypass Cross-Origin Resource Sharing (CORS) configurations and retrieve restricted content from a web application.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

ASP.NET Core MVC: 1.0.0 - 1.1.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

4) Improper input validation

EUVDB-ID: #VU9309

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-11770

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition on the target system.

The vulnerability exists due to improper parsing of certificate data by .NET Core. A remote attacker can provide a specially crafted certificate to the .NET Core application and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

ASP.NET Core MVC: 1.0.0 - 2.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


