CVE-2018-0787
First published: Wed Mar 14 2018(Updated: )
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft ASP.NET Core | =1.0 | |
| Microsoft ASP.NET Core | =1.1 | |
| Microsoft ASP.NET Core | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-0787?
CVE-2018-0787 is a vulnerability in ASP.NET Core 1.0, 1.1, and 2.0 that allows an elevation of privilege due to how web requests are validated.
What is the severity of CVE-2018-0787?
The severity of CVE-2018-0787 is high with a CVSS score of 8.8.
How does CVE-2018-0787 affect ASP.NET Core?
CVE-2018-0787 affects ASP.NET Core 1.0, 1.1, and 2.0.
How can I fix CVE-2018-0787?
To fix CVE-2018-0787, it is recommended to update to the latest version of ASP.NET Core.
Where can I find more information about CVE-2018-0787?
More information about CVE-2018-0787 can be found on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/103282), [SecurityTracker](http://www.securitytracker.com/id/1040525), [GitHub](https://github.com/aspnet/Announcements/issues/295).
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/event
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- vendor/microsoft
- canonical/microsoft asp.net core
- version/microsoft asp.net core/1.0
- version/microsoft asp.net core/1.1
- version/microsoft asp.net core/2.0