ID

VAR-201803-1625


CVE

CVE-2018-0808


TITLE

ASP.NET Core Vulnerability in which privileges are elevated

Trust: 0.8

sources: JVNDB: JVNDB-2018-002559

DESCRIPTION

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784. This vulnerability CVE-2018-0784 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends

Trust: 3.06

sources: NVD: CVE-2018-0808 // JVNDB: JVNDB-2018-002559 // CNVD: CNVD-2018-06803 // CNNVD: CNNVD-201803-533 // BID: 103226 // VULMON: CVE-2018-0808

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-06803

AFFECTED PRODUCTS

vendor:microsoftmodel:asp.net corescope:eqversion:2.0

Trust: 3.3

vendor:microsoftmodel:asp.net corescope:eqversion:1.1

Trust: 1.6

vendor:microsoftmodel:asp.net corescope:eqversion:1.0

Trust: 1.6

sources: CNVD: CNVD-2018-06803 // BID: 103226 // JVNDB: JVNDB-2018-002559 // CNNVD: CNNVD-201803-533 // NVD: CVE-2018-0808

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0808
value: HIGH

Trust: 1.0

NVD: CVE-2018-0808
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-06803
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-533
value: HIGH

Trust: 0.6

VULMON: CVE-2018-0808
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0808
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-06803
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-0808
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-06803 // VULMON: CVE-2018-0808 // JVNDB: JVNDB-2018-002559 // CNNVD: CNNVD-201803-533 // NVD: CVE-2018-0808

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-002559 // NVD: CVE-2018-0808

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-533

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201803-533

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002559

PATCH

title:CVE-2018-0808 | ASP.NET Core Denial of Service Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808

Trust: 0.8

title:CVE-2018-0808 | ASP.NET Core のサービス拒否の脆弱性url:https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0808

Trust: 0.8

title:Patch for Microsoft ASP.NET Core Denial of Service Vulnerability (CNVD-2018-06803)url:https://www.cnvd.org.cn/patchInfo/show/124403

Trust: 0.6

title:Microsoft ASP.NET Core Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79182

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2018/03/13/patch_tuesday_march_2018/

Trust: 0.2

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/microsoft/microsoft-march-patch-tuesday-fixes-74-security-issues/

Trust: 0.1

sources: CNVD: CNVD-2018-06803 // VULMON: CVE-2018-0808 // JVNDB: JVNDB-2018-002559 // CNNVD: CNNVD-201803-533

EXTERNAL IDS

db:NVDid:CVE-2018-0808

Trust: 3.4

db:BIDid:103226

Trust: 2.6

db:SECTRACKid:1040504

Trust: 1.7

db:JVNDBid:JVNDB-2018-002559

Trust: 0.8

db:CNVDid:CNVD-2018-06803

Trust: 0.6

db:CNNVDid:CNNVD-201803-533

Trust: 0.6

db:VULMONid:CVE-2018-0808

Trust: 0.1

sources: CNVD: CNVD-2018-06803 // VULMON: CVE-2018-0808 // BID: 103226 // JVNDB: JVNDB-2018-002559 // CNNVD: CNNVD-201803-533 // NVD: CVE-2018-0808

REFERENCES

url:http://www.securityfocus.com/bid/103226

Trust: 2.3

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0808

Trust: 2.0

url:http://www.securitytracker.com/id/1040504

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-0808

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0808

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20180314-ms.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2018/at180011.html

Trust: 0.8

url:http://www.microsoft.com/net/

Trust: 0.3

url:http://www.microsoft.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/103226

Trust: 0.1

sources: CNVD: CNVD-2018-06803 // VULMON: CVE-2018-0808 // BID: 103226 // JVNDB: JVNDB-2018-002559 // CNNVD: CNNVD-201803-533 // NVD: CVE-2018-0808

CREDITS

Andrei Gorlov

Trust: 0.3

sources: BID: 103226

SOURCES

db:CNVDid:CNVD-2018-06803
db:VULMONid:CVE-2018-0808
db:BIDid:103226
db:JVNDBid:JVNDB-2018-002559
db:CNNVDid:CNNVD-201803-533
db:NVDid:CVE-2018-0808

LAST UPDATE DATE

2024-08-14T14:33:13.995000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-06803date:2018-03-30T00:00:00
db:VULMONid:CVE-2018-0808date:2019-10-03T00:00:00
db:BIDid:103226date:2018-03-13T00:00:00
db:JVNDBid:JVNDB-2018-002559date:2018-04-18T00:00:00
db:CNNVDid:CNNVD-201803-533date:2019-10-23T00:00:00
db:NVDid:CVE-2018-0808date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-06803date:2018-03-30T00:00:00
db:VULMONid:CVE-2018-0808date:2018-03-14T00:00:00
db:BIDid:103226date:2018-03-13T00:00:00
db:JVNDBid:JVNDB-2018-002559date:2018-04-18T00:00:00
db:CNNVDid:CNNVD-201803-533date:2018-03-15T00:00:00
db:NVDid:CVE-2018-0808date:2018-03-14T17:29:00.433