CVE-2018-0787

CVE Database · CVE-2018-0787

CVE-2018-0787

· N/AModified

CVSS v3.1

N/A

EPSS

9.68%

Published

Mar 14, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".

Weaknesses (CWE)

CWE-640

Affected Products (3)

microsoft · asp.net_corevulnerable

References (8)

http://www.securityfocus.com/bid/103282

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040525

Third Party AdvisoryVDB Entry

https://github.com/aspnet/Announcements/issues/295

Technical DescriptionThird Party Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787

PatchVendor Advisory

http://www.securityfocus.com/bid/103282

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040525

KEV Catalog EPSS Scores Vendors All CVEs