Published: 15/11/2017 Updated: 01/02/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

ASP.NET Core 2.0 allows an malicious user to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

Recent Articles

Microsoft Patches 20 Critical Vulnerabilities
Threatpost • Tom Spring • 14 Nov 2017

Microsoft tackled 53 vulnerabilities with today’s Patch Tuesday bulletin. Remote code execution bugs dominated this month’s patches, representing 25 fixes. In total, 20 of Microsoft’s security fixes were rated critical.
Notable are four vulnerabilities with public exploits identified by Microsoft as CVE-2017-11848, CVE-2017-11827, CVE-2017-11883 and CVE-2017-8700. But, according to an analysis of Patch Tuesday fixes by Qualys, none of the four are being used in active campaigns.<...