CVE-2017-0256
UNKNOWN
Published 2017-05-12T14:00:00
Actions:
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2017-0256. We'll provide specific mitigation strategies based on your environment and risk profile.
No CVSS data available
Description
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
✓ GitHub Reviewed
MODERATE
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc
GHSA-j8f4-2w4p-mhjcAdvisory Details
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
Affected Packages
NuGet
Microsoft.AspNetCore.Mvc
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Core
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Core
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
System.Net.Http
ECOSYSTEM:
≥4.1.1
<4.1.2
NuGet
System.Net.Http
ECOSYSTEM:
≥4.3.1
<4.3.2
NuGet
System.Text.Encodings.Web
ECOSYSTEM:
≥4.0.0
<4.0.1
NuGet
System.Text.Encodings.Web
ECOSYSTEM:
≥4.3.0
<4.3.1
NuGet
System.Net.Http.WinHttpHandler
ECOSYSTEM:
≥4.0.0
<4.0.1
NuGet
System.Net.Http.WinHttpHandler
ECOSYSTEM:
≥4.3.0
<4.3.1
NuGet
System.Net.Security
ECOSYSTEM:
≥4.0.0
<4.0.1
NuGet
System.Net.Security
ECOSYSTEM:
≥4.3.0
<4.3.1
NuGet
System.Net.WebSockets.Client
ECOSYSTEM:
≥4.0.0
<4.0.1
NuGet
System.Net.WebSockets.Client
ECOSYSTEM:
≥4.3.0
<4.3.1
NuGet
Microsoft.AspNetCore.Mvc.Abstractions
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Abstractions
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.ApiExplorer
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.ApiExplorer
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Cors
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Cors
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.DataAnnotations
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.DataAnnotations
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Formatters.Json
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Formatters.Json
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Formatters.Xml
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Formatters.Xml
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Localization
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Localization
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Razor.Host
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Razor.Host
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Razor
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Razor
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.TagHelpers
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.TagHelpers
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.ViewFeatures
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.ViewFeatures
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.WebApiCompatShim
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.WebApiCompatShim
ECOSYSTEM:
≥1.1.0
<1.1.3
CVSS Scoring
CVSS Score
5.0
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: October 16, 2018, Modified: July 1, 2021
Published: 2017-05-12T14:00:00
Last Modified: 2024-08-05T12:55:19.325Z
Copied to clipboard!