logo

Database

Account Takeover In microsoft.aspnetcore.server.kestrel.core

Description

ASP.NET Core allow an elevation of privilege ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-07872. NVD-2018-07873. OSV-2018-07874. GHSA-365p-96qv-xr7g5. GCVE-2018-07876. PORTAL-CVE-2018-0787

References

1. https://github.com/aspnet/Announcements/issues/2952. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-07873. http://www.securityfocus.com/bid/1032824. http://www.securitytracker.com/id/1040525

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.