ID

VAR-201711-1053


CVE

CVE-2017-8700


TITLE

Vulnerability in ASP.NET Core that allows Cross-Origin Resource Sharing (CORS) configurations to be bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2017-010212

DESCRIPTION

ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-Origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability". An attacker can use this vulnerability to obtain sensitive information about the target system by submitting malicious input to the affected software. Microsoft ASP.NET Core is a cross-platform, open-source framework developed by Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. ASP.NET Core 1.0 and 1.1 are vulnerable.

Trust: 3.06

sources: NVD: CVE-2017-8700 // JVNDB: JVNDB-2017-010212 // CNVD: CNVD-2017-37102 // CNNVD: CNNVD-201705-1077 // BID: 101712 // VULMON: CVE-2017-8700

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-37102

AFFECTED PRODUCTS

vendor: microsoft, model: asp.net core, scope: eq, version: 1.0

Trust: 3.3

vendor: microsoft, model: asp.net core, scope: eq, version: 1.1

Trust: 3.3

vendor: microsoft, model: asp.net core, scope: eq, version: 2.0

Trust: 2.2

sources: CNVD: CNVD-2017-37102 // BID: 101712 // JVNDB: JVNDB-2017-010212 // CNNVD: CNNVD-201705-1077 // NVD: CVE-2017-8700

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-8700
value: HIGH

Trust: 1.0

NVD: CVE-2017-8700
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-37102
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201705-1077
value: HIGH

Trust: 0.6

VULMON: CVE-2017-8700
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-8700
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-37102
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2017-8700
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-37102 // VULMON: CVE-2017-8700 // JVNDB: JVNDB-2017-010212 // CNNVD: CNNVD-201705-1077 // NVD: CVE-2017-8700

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2017-010212 // NVD: CVE-2017-8700

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1077

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-1077

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010212

PATCH

title: CVE-2017-8700 | ASP.NET Core Information Disclosure Vulnerability
url: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700

Trust: 0.8

title: CVE-2017-8700 | ASP.NET Core Information Disclosure Vulnerability
url: https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2017-8700

Trust: 0.8

title: Patch for Microsoft ASP.NET Core Information Disclosure Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/108075

Trust: 0.6

title: Microsoft Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99815

Trust: 0.6

title: The Register
url: https://www.theregister.co.uk/2017/11/15/november_patch_tuesday/

Trust: 0.2

title: Red Hat: CVE-2017-8700
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-8700

Trust: 0.1

title: Threatpost
url: https://threatpost.com/microsoft-patches-20-critical-vulnerabilities/128891/

Trust: 0.1

title: BleepingComputer
url: https://www.bleepingcomputer.com/news/microsoft/microsoft-november-patch-tuesday-fixes-53-security-issues/

Trust: 0.1

sources: CNVD: CNVD-2017-37102 // VULMON: CVE-2017-8700 // JVNDB: JVNDB-2017-010212 // CNNVD: CNNVD-201705-1077

EXTERNAL IDS

db: NVD, id: CVE-2017-8700

Trust: 3.4

db: BID, id: 101712

Trust: 2.6

db: SECTRACK, id: 1039793

Trust: 1.7

db: JVNDB, id: JVNDB-2017-010212

Trust: 0.8

db: CNVD, id: CNVD-2017-37102

Trust: 0.6

db: CNNVD, id: CNNVD-201705-1077

Trust: 0.6

db: VULMON, id: CVE-2017-8700

Trust: 0.1

sources: CNVD: CNVD-2017-37102 // VULMON: CVE-2017-8700 // BID: 101712 // JVNDB: JVNDB-2017-010212 // CNNVD: CNNVD-201705-1077 // NVD: CVE-2017-8700

REFERENCES

url:http://www.securityfocus.com/bid/101712

Trust: 2.3

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-8700

Trust: 2.0

url:http://www.securitytracker.com/id/1039793

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8700

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20171115-ms.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2017/at170044.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-8700

Trust: 0.8

url:http://technet.microsoft.com/security/bulletin/november

Trust: 0.6

url:http://www.microsoft.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=55873

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/microsoft-patches-20-critical-vulnerabilities/128891/

Trust: 0.1

sources: CNVD: CNVD-2017-37102 // VULMON: CVE-2017-8700 // BID: 101712 // JVNDB: JVNDB-2017-010212 // CNNVD: CNNVD-201705-1077 // NVD: CVE-2017-8700

CREDITS

Microsoft

Trust: 0.3

sources: BID: 101712

SOURCES

db: CNVD, id: CNVD-2017-37102
db: VULMON, id: CVE-2017-8700
db: BID, id: 101712
db: JVNDB, id: JVNDB-2017-010212
db: CNNVD, id: CNNVD-201705-1077
db: NVD, id: CVE-2017-8700

LAST UPDATE DATE

2024-08-14T13:46:18.624000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-37102, date: 2017-12-14T00:00:00
db: VULMON, id: CVE-2017-8700, date: 2019-10-03T00:00:00
db: BID, id: 101712, date: 2017-12-19T22:00:00
db: JVNDB, id: JVNDB-2017-010212, date: 2017-12-07T00:00:00
db: CNNVD, id: CNNVD-201705-1077, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-8700, date: 2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-37102, date: 2017-12-14T00:00:00
db: VULMON, id: CVE-2017-8700, date: 2017-11-15T00:00:00
db: BID, id: 101712, date: 2017-11-14T00:00:00
db: JVNDB, id: JVNDB-2017-010212, date: 2017-12-07T00:00:00
db: CNNVD, id: CNNVD-201705-1077, date: 2017-05-24T00:00:00
db: NVD, id: CVE-2017-8700, date: 2017-11-15T03:29:02.060