Home

CVE-2017-0249

Description

An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

Risk Information

Base Score
7.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
Exploitation Probability
5.786

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Core 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Core 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http 4.1.2Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http 4.3.2Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Text.Encodings.Web 4.0.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Text.Encodings.Web 4.3.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http.WinHttpHandler 4.0.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http.WinHttpHandler 4.3.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Security 4.0.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Security 4.3.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.WebSockets.Client 4.0.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.WebSockets.Client 4.3.1Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Abstractions 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Abstractions 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Json 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Json 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Xml 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Xml 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Cors 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Cors 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ApiExplorer 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ApiExplorer 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.DataAnnotations 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.DataAnnotations 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Localization 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Localization 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.TagHelpers 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.TagHelpers 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ViewFeatures 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ViewFeatures 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.WebApiCompatShim 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.WebApiCompatShim 1.1.3Windows
Vulnerabilities CVE-2017-0249 are affected in Nuget - DisCatSharp 9.8.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor.Host 1.0.4Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor.Host 1.1.3Windows
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Core for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Core for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http for Linux 4.1.2Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http for Linux 4.3.2Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Text.Encodings.Web for Linux 4.0.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Text.Encodings.Web for Linux 4.3.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http.WinHttpHandler for Linux 4.0.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Http.WinHttpHandler for Linux 4.3.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Security for Linux 4.0.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.Security for Linux 4.3.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.WebSockets.Client for Linux 4.0.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - System.Net.WebSockets.Client for Linux 4.3.1Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Abstractions for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Abstractions for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Json for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Json for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Xml for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Formatters.Xml for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Cors for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Cors for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ApiExplorer for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ApiExplorer for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.DataAnnotations for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.DataAnnotations for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Localization for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Localization for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.TagHelpers for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.TagHelpers for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ViewFeatures for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.ViewFeatures for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.WebApiCompatShim for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.WebApiCompatShim for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0249 are affected in Nuget - DisCatSharp for Linux 9.8.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor for Linux 1.1.3Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor.Host for Linux 1.0.4Linux
Vulnerabilities CVE-2017-0248,CVE-2017-0247,CVE-2017-0256,CVE-2017-0249 are fixed in Nuget - Microsoft.AspNetCore.Mvc.Razor.Host for Linux 1.1.3Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234