Multiple vulnerabilities in Microsoft ASP.NET Core

Published: 2018-03-13 22:04:29
Severity Low
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2018-0808
CVE-2018-0787
CVE-2018-0875
CVSSv3 6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software ASP.NET Core MVC
Vulnerable software versions ASP.NET Core MVC 2.0
ASP.NET Core MVC 1.0.0
ASP.NET Core MVC 1.1.1
Vendor URL Microsoft

Security Advisory

1) Improper input validation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an error in ASP.NET Core when handling malicious web requests. A remote attacker can issue specially crafted requests to the .NET Core application and cause a denial of service against an ASP.NET Core web application.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808

2) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to improper validation of web requests by a Kestrel web application. A remote attacker can send a specially crafted request, containing injected HTML, initiate a "password reset" email to the target user, trigger as soon as the target user opens the "password reset" e-mail and gain system privileges.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787

3) Improper input validation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the way that .NET Core handles specially crafted requests. A remote attacker can send a small number of specially crafted requests to an .NET Core web application, trigger a hash collision and cause performance to degrade significantly enough to cause service crash.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0875

Back to List