Multiple vulnerabilities in Microsoft ASP.NET Core



Published: 2018-03-13
Risk: Low
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2018-0808, CVE-2018-0787, CVE-2018-0875
CWE-ID: CWE-20
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: ASP.NET Core MVC (Universal components / Libraries / Software for developers)

Vendor: Microsoft

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU11027

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-0808

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an error in ASP.NET Core when handling malicious web requests. A remote attacker can issue specially crafted requests to the .NET Core application and cause a denial of service against an ASP.NET Core web application.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

ASP.NET Core MVC: 2.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Privilege escalation

EUVDB-ID: #VU11028

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0787

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to improper validation of web requests by a Kestrel web application. A remote attacker can send a specially crafted request containing injected HTML to initiate a "password reset" e-mail to the target user. The injected HTML is triggered as soon as the target user opens the "password reset" e-mail, allowing the attacker to gain system privileges.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

ASP.NET Core MVC: 2.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU11030

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0875

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the way that .NET Core handles specially crafted requests. A remote attacker can send a small number of specially crafted requests to a .NET Core web application, trigger a hash collision and degrade performance significantly enough to cause a service crash.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

ASP.NET Core MVC: 1.0.0 - 2.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0875


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


