CVE-2018-0787

{"id": "CVE-2018-0787", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-03-14T17:29:00.370", "references": [{"url": "http://www.securityfocus.com/bid/103282", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id/1040525", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "https://github.com/aspnet/Announcements/issues/295", "tags": ["Technical Description", "Third Party Advisory"], "source": "secure@microsoft.com"}, {"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-640"}]}], "descriptions": [{"lang": "en", "value": "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\"."}, {"lang": "es", "value": "ASP.NET Core 1.0, 1.1 y 2.0 permite una vulnerabilidad de elevaci\u00f3n de privilegios debido a la forma en la que las aplicaciones web que se crean a partir de plantillas validan las peticiones web. Esto tambi\u00e9n se conoce como \"ASP.NET Core Elevation Of Privilege Vulnerability\"."}], "lastModified": "2018-04-11T15:07:12.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0913F82A-985A-401D-89F6-191684A8AB55"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8256236D-D4F0-4207-B82D-18B0135CEB4E"}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "345222C2-CD5B-4613-9FF3-9D034974D54F"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}