Published: 15/11/2017 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

ASP.NET Core 1.0, 1.1, and 2.0 allow an malicious user to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".

Vendor Advisories

A flaw was found in dotNET where the CORS attribute is not properly enforced or checked An attacker could leverage this for possible remote execution ...

Recent Articles

It's 2017 – and your Windows PC can be forced to run malware-stuffed Excel macros
The Register • Shaun Nichols in San Francisco • 15 Nov 2017

Not enough? How about a few dozen PDF remote code holes?

Microsoft and Adobe are getting into the holiday spirit this month by gorging users and admins with a glut of security fixes.
The November of Patch Tuesday brings fixes for more than 130 bugs between the two software giants for products including IE, Edge, Office, Flash Player and Acrobat.
Microsoft's patch dump addresses a total 53 CVE-listed vulnerabilities, including three that already have been publicly detailed. Those include CVE-2017-11827, a memory corruption flaw in Edge and ...

Microsoft Patches 20 Critical Vulnerabilities
Threatpost • Tom Spring • 14 Nov 2017

Microsoft tackled 53 vulnerabilities with today’s Patch Tuesday bulletin. Remote code execution bugs dominated this month’s patches, representing 25 fixes. In total, 20 of Microsoft’s security fixes were rated critical.
Notable are four vulnerabilities with public exploits identified by Microsoft as CVE-2017-11848, CVE-2017-11827, CVE-2017-11883 and CVE-2017-8700. But, according to an analysis of Patch Tuesday fixes by Qualys, none of the four are being used in active campaigns.<...

Microsoft November Patch Tuesday Fixes 53 Security Issues
BleepingComputer • Catalin Cimpanu • 14 Nov 2017

Microsoft has released security updates for several products as  part of the company's November 2017 Patch Tuesday, the company's monthly update train.
This month, the Patch Tuesday updates include fixes for 53 security bugs in applications such as the Windows OS, several Office offerings, Internet Explorer, Microsoft Edge, ASP.NET Core, .NET Core, and the Chackra Core browser engine.
Details about four vulnerabilities were published online before today's patches, but fortunately, n...