First published: Wed Nov 15 2017(Updated: )
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft ASP.NET Core | =2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-11879 is an ASP.NET Core vulnerability that allows an attacker to steal login session information such as cookies or authentication tokens.
CVE-2017-11879 affects ASP.NET Core 2.0 by allowing an attacker to steal login session information through a specially crafted URL.
CVE-2017-11879 has a severity rating of 8.8 (high).
An attacker can exploit CVE-2017-11879 by using a specially crafted URL to steal login session information.
Yes, a fix is available for CVE-2017-11879. It is recommended to update to a patched version of ASP.NET Core 2.0.