First published: Wed Mar 14 2018(Updated: )
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft ASP.NET Core | =1.0 | |
Microsoft ASP.NET Core | =1.1 | |
Microsoft ASP.NET Core | =2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-0787 is a vulnerability in ASP.NET Core 1.0, 1.1, and 2.0 that allows an elevation of privilege due to how web requests are validated.
The severity of CVE-2018-0787 is high with a CVSS score of 8.8.
CVE-2018-0787 affects ASP.NET Core 1.0, 1.1, and 2.0.
To fix CVE-2018-0787, it is recommended to update to the latest version of ASP.NET Core.
More information about CVE-2018-0787 can be found on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/103282), [SecurityTracker](http://www.securitytracker.com/id/1040525), [GitHub](https://github.com/aspnet/Announcements/issues/295).