Sign-up

ID

VAR-201711-1053


CVE

CVE-2017-8700


TITLE

ASP.NET Core In Cross-Origin Resource Sharing Vulnerability that can be bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2017-010212

DESCRIPTION

ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability". An attacker can use this vulnerability to obtain sensitive information about the target system by submitting malicious input to the affected software. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. ASP.NET Core 1.0, and 1.1 are vulnerable

Trust: 3.06

sources: NVD: CVE-2017-8700 // JVNDB: JVNDB-2017-010212 // CNVD: CNVD-2017-37102 // CNNVD: CNNVD-201705-1077 // BID: 101712 // VULMON: CVE-2017-8700

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-37102

AFFECTED PRODUCTS

vendor:microsoftmodel:asp.net corescope:eqversion:1.0

Trust: 3.3

vendor:microsoftmodel:asp.net corescope:eqversion:1.1

Trust: 3.3

vendor:microsoftmodel:asp.net corescope:eqversion:2.0

Trust: 2.2

sources: CNVD: CNVD-2017-37102 // BID: 101712 // JVNDB: JVNDB-2017-010212 // CNNVD: CNNVD-201705-1077 // NVD: CVE-2017-8700

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8700
value: HIGH

Trust: 1.0

NVD: CVE-2017-8700
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-37102
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201705-1077
value: HIGH

Trust: 0.6

VULMON: CVE-2017-8700
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8700
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-37102
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-8700
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-37102 // VULMON: CVE-2017-8700 // JVNDB: JVNDB-2017-010212 // CNNVD: CNNVD-201705-1077 // NVD: CVE-2017-8700

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2017-010212 // NVD: CVE-2017-8700

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1077

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-1077

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010212

PATCH
title:CVE-2017-8700 | ASP.NET Core Information Disclosure Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700
Trust: 0.8
title:CVE-2017-8700 | ASP.NET Core Information Disclosure Vulnerabilityurl:https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-8700
Trust: 0.8
title:Patch for Microsoft ASP.NET Core Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/108075
Trust: 0.6
title:Microsoft Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99815
Trust: 0.6
title:The Registerurl:https://www.theregister.co.uk/2017/11/15/november_patch_tuesday/
Trust: 0.2
title:Red Hat: CVE-2017-8700url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-8700
Trust: 0.1
title:Threatposturl:https://threatpost.com/microsoft-patches-20-critical-vulnerabilities/128891/
Trust: 0.1
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/microsoft/microsoft-november-patch-tuesday-fixes-53-security-issues/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37102 // 
            
            
            
            VULMON: CVE-2017-8700 // 
            
            
            
            JVNDB: JVNDB-2017-010212 // 
            
            
            
            CNNVD: CNNVD-201705-1077

EXTERNAL IDS
db:NVDid:CVE-2017-8700
Trust: 3.4
db:BIDid:101712
Trust: 2.6
db:SECTRACKid:1039793
Trust: 1.7
db:JVNDBid:JVNDB-2017-010212
Trust: 0.8
db:CNVDid:CNVD-2017-37102
Trust: 0.6
db:CNNVDid:CNNVD-201705-1077
Trust: 0.6
db:VULMONid:CVE-2017-8700
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37102 // 
            
            
            
            VULMON: CVE-2017-8700 // 
            
            
            
            BID: 101712 // 
            
            
            
            JVNDB: JVNDB-2017-010212 // 
            
            
            
            CNNVD: CNNVD-201705-1077 // 
            
            
            
            NVD: CVE-2017-8700

REFERENCES
url:http://www.securityfocus.com/bid/101712
Trust: 2.3
url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8700
Trust: 2.0
url:http://www.securitytracker.com/id/1039793
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8700
Trust: 0.8
url:https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html
Trust: 0.8
url:http://www.jpcert.or.jp/at/2017/at170044.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8700
Trust: 0.8
url:http://technet.microsoft.com/security/bulletin/november
Trust: 0.6
url:http://www.microsoft.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=55873
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/microsoft-patches-20-critical-vulnerabilities/128891/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37102 // 
            
            
            
            VULMON: CVE-2017-8700 // 
            
            
            
            BID: 101712 // 
            
            
            
            JVNDB: JVNDB-2017-010212 // 
            
            
            
            CNNVD: CNNVD-201705-1077 // 
            
            
            
            NVD: CVE-2017-8700

CREDITS
Microsoft
Trust: 0.3
sources:
            
            
            BID: 101712

SOURCES
db:CNVDid:CNVD-2017-37102
db:VULMONid:CVE-2017-8700
db:BIDid:101712
db:JVNDBid:JVNDB-2017-010212
db:CNNVDid:CNNVD-201705-1077
db:NVDid:CVE-2017-8700

LAST UPDATE DATE
2024-08-14T13:46:18.624000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-37102date:2017-12-14T00:00:00
db:VULMONid:CVE-2017-8700date:2019-10-03T00:00:00
db:BIDid:101712date:2017-12-19T22:00:00
db:JVNDBid:JVNDB-2017-010212date:2017-12-07T00:00:00
db:CNNVDid:CNNVD-201705-1077date:2019-10-23T00:00:00
db:NVDid:CVE-2017-8700date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-37102date:2017-12-14T00:00:00
db:VULMONid:CVE-2017-8700date:2017-11-15T00:00:00
db:BIDid:101712date:2017-11-14T00:00:00
db:JVNDBid:JVNDB-2017-010212date:2017-12-07T00:00:00
db:CNNVDid:CNNVD-201705-1077date:2017-05-24T00:00:00
db:NVDid:CVE-2017-8700date:2017-11-15T03:29:02.060