Vulnerabilities > CVE-2017-8700 - Unspecified vulnerability in Microsoft Asp.Net Core 1.0/1.1/2.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
microsoft

Summary

ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".

Vulnerable Configurations

Part Description Count
Application
Microsoft
3

The Hacker News

idTHN:96CCD36932DBF3F5BEFCC18D4EC4E5C2
last seen2018-01-27
modified2017-11-15
published2017-11-14
reporterSwati Khandelwal
sourcehttps://thehackernews.com/2017/11/microsoft-patch-tuesday.html
titlePatch Tuesday: Microsoft Releases Update to Fix 53 Vulnerabilities