VIR Vulnerability Intelligence Relay

CVE-2017-0249

high
Published 2017-05-12 · Modified 2023-11-08
CVSS v3
7.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS v2
7.5
VIR risk
7.3

Description

High severity vulnerability that affects Microsoft.AspNetCore.Mvc

Predictions

Exploit likelihood
82%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Package impact
EcosystemPackageVulnerableFixed
nuget NuGetMicrosoft.AspNetCore.Mvc>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc>=1.1.0,<1.1.31.1.3
nuget NuGetMicrosoft.AspNetCore.Mvc.Core>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc.Core>=1.1.0,<1.1.31.1.3
nuget NuGetSystem.Net.Http>=4.1.1,<4.1.24.1.2
nuget NuGetSystem.Net.Http>=4.3.1,<4.3.24.3.2
nuget NuGetSystem.Text.Encodings.Web>=4.0.0,<4.0.14.0.1
nuget NuGetSystem.Text.Encodings.Web>=4.3.0,<4.3.14.3.1
nuget NuGetSystem.Net.Http.WinHttpHandler>=4.0.0,<4.0.14.0.1
nuget NuGetSystem.Net.Http.WinHttpHandler>=4.3.0,<4.3.14.3.1
nuget NuGetSystem.Net.Security>=4.0.0,<4.0.14.0.1
nuget NuGetSystem.Net.Security>=4.3.0,<4.3.14.3.1
nuget NuGetSystem.Net.WebSockets.Client>=4.0.0,<4.0.14.0.1
nuget NuGetSystem.Net.WebSockets.Client>=4.3.0,<4.3.14.3.1
nuget NuGetMicrosoft.AspNetCore.Mvc.Abstractions>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc.Abstractions>=1.1.0,<1.1.31.1.3
nuget NuGetMicrosoft.AspNetCore.Mvc.ApiExplorer>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc.ApiExplorer>=1.1.0,<1.1.31.1.3
nuget NuGetMicrosoft.AspNetCore.Mvc.Cors>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc.Cors>=1.1.0,<1.1.31.1.3
nuget NuGetMicrosoft.AspNetCore.Mvc.DataAnnotations>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc.DataAnnotations>=1.1.0,<1.1.31.1.3
nuget NuGetMicrosoft.AspNetCore.Mvc.Formatters.Json>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc.Formatters.Json>=1.1.0,<1.1.31.1.3
nuget NuGetMicrosoft.AspNetCore.Mvc.Formatters.Xml>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc.Formatters.Xml>=1.1.0,<1.1.31.1.3
nuget NuGetMicrosoft.AspNetCore.Mvc.Localization>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc.Localization>=1.1.0,<1.1.31.1.3
nuget NuGetMicrosoft.AspNetCore.Mvc.Razor.Host>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc.Razor.Host>=1.1.0,<1.1.31.1.3
nuget NuGetMicrosoft.AspNetCore.Mvc.Razor>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc.Razor>=1.1.0,<1.1.31.1.3
nuget NuGetMicrosoft.AspNetCore.Mvc.TagHelpers>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc.TagHelpers>=1.1.0,<1.1.31.1.3
nuget NuGetMicrosoft.AspNetCore.Mvc.ViewFeatures>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc.ViewFeatures>=1.1.0,<1.1.31.1.3
nuget NuGetMicrosoft.AspNetCore.Mvc.WebApiCompatShim>=1.0.0,<1.0.41.0.4
nuget NuGetMicrosoft.AspNetCore.Mvc.WebApiCompatShim>=1.1.0,<1.1.31.1.3
nuget NuGetDisCatSharp<=9.8.3

Application impact
VendorProductVersionsFixed
windows microsoftasp.net_model_view_controller1.0.0
windows microsoftasp.net_model_view_controller1.0.1
windows microsoftasp.net_model_view_controller1.0.2
windows microsoftasp.net_model_view_controller1.0.3
windows microsoftasp.net_model_view_controller1.1.0
windows microsoftasp.net_model_view_controller1.1.1
windows microsoftasp.net_model_view_controller1.1.2
windows microsoftmicrosoft.aspnetcore.mvc.abstractions1.0.0
windows microsoftmicrosoft.aspnetcore.mvc.abstractions1.0.1
windows microsoftmicrosoft.aspnetcore.mvc.abstractions1.0.2
windows microsoftmicrosoft.aspnetcore.mvc.abstractions1.0.3
windows microsoftmicrosoft.aspnetcore.mvc.abstractions1.1.0
windows microsoftmicrosoft.aspnetcore.mvc.abstractions1.1.1
windows microsoftmicrosoft.aspnetcore.mvc.abstractions1.1.2
windows microsoftmicrosoft.aspnetcore.mvc.apiexplorer1.0.0
windows microsoftmicrosoft.aspnetcore.mvc.apiexplorer1.0.1
windows microsoftmicrosoft.aspnetcore.mvc.apiexplorer1.0.2
windows microsoftmicrosoft.aspnetcore.mvc.apiexplorer1.0.3
windows microsoftmicrosoft.aspnetcore.mvc.apiexplorer1.1.0
windows microsoftmicrosoft.aspnetcore.mvc.apiexplorer1.1.1
windows microsoftmicrosoft.aspnetcore.mvc.apiexplorer1.1.2
windows microsoftmicrosoft.aspnetcore.mvc.cors1.0.0
windows microsoftmicrosoft.aspnetcore.mvc.cors1.0.1
windows microsoftmicrosoft.aspnetcore.mvc.cors1.0.2
windows microsoftmicrosoft.aspnetcore.mvc.cors1.0.3
windows microsoftmicrosoft.aspnetcore.mvc.cors1.1.0
windows microsoftmicrosoft.aspnetcore.mvc.cors1.1.1
windows microsoftmicrosoft.aspnetcore.mvc.cors1.1.2
windows microsoftmicrosoft.aspnetcore.mvc.dataannotations1.0.0
windows microsoftmicrosoft.aspnetcore.mvc.dataannotations1.0.1
windows microsoftmicrosoft.aspnetcore.mvc.dataannotations1.0.2
windows microsoftmicrosoft.aspnetcore.mvc.dataannotations1.0.3
windows microsoftmicrosoft.aspnetcore.mvc.dataannotations1.1.0
windows microsoftmicrosoft.aspnetcore.mvc.dataannotations1.1.1
windows microsoftmicrosoft.aspnetcore.mvc.dataannotations1.1.2
windows microsoftmicrosoft.aspnetcore.mvc.formatters.json1.0.0
windows microsoftmicrosoft.aspnetcore.mvc.formatters.json1.0.1
windows microsoftmicrosoft.aspnetcore.mvc.formatters.json1.0.2
windows microsoftmicrosoft.aspnetcore.mvc.formatters.json1.0.3
windows microsoftmicrosoft.aspnetcore.mvc.formatters.json1.1.0
windows microsoftmicrosoft.aspnetcore.mvc.formatters.json1.1.1
windows microsoftmicrosoft.aspnetcore.mvc.formatters.json1.1.2
windows microsoftmicrosoft.aspnetcore.mvc.formatters.xml1.0.0
windows microsoftmicrosoft.aspnetcore.mvc.formatters.xml1.0.1
windows microsoftmicrosoft.aspnetcore.mvc.formatters.xml1.0.2
windows microsoftmicrosoft.aspnetcore.mvc.formatters.xml1.0.3
windows microsoftmicrosoft.aspnetcore.mvc.formatters.xml1.1.0
windows microsoftmicrosoft.aspnetcore.mvc.formatters.xml1.1.1
windows microsoftmicrosoft.aspnetcore.mvc.formatters.xml1.1.2
windows microsoftmicrosoft.aspnetcore.mvc.localization1.0.0
windows microsoftmicrosoft.aspnetcore.mvc.localization1.0.1
windows microsoftmicrosoft.aspnetcore.mvc.localization1.0.2
windows microsoftmicrosoft.aspnetcore.mvc.localization1.0.3
windows microsoftmicrosoft.aspnetcore.mvc.localization1.1.0
windows microsoftmicrosoft.aspnetcore.mvc.localization1.1.1
windows microsoftmicrosoft.aspnetcore.mvc.localization1.1.2
windows microsoftmicrosoft.aspnetcore.mvc.razor1.0.0
windows microsoftmicrosoft.aspnetcore.mvc.razor1.0.1
windows microsoftmicrosoft.aspnetcore.mvc.razor1.0.2
windows microsoftmicrosoft.aspnetcore.mvc.razor1.0.3
windows microsoftmicrosoft.aspnetcore.mvc.razor1.1.0
windows microsoftmicrosoft.aspnetcore.mvc.razor1.1.1
windows microsoftmicrosoft.aspnetcore.mvc.razor1.1.2
windows microsoftmicrosoft.aspnetcore.mvc.razor.host1.0.0
windows microsoftmicrosoft.aspnetcore.mvc.razor.host1.0.1
windows microsoftmicrosoft.aspnetcore.mvc.razor.host1.0.2
windows microsoftmicrosoft.aspnetcore.mvc.razor.host1.0.3
windows microsoftmicrosoft.aspnetcore.mvc.razor.host1.1.0
windows microsoftmicrosoft.aspnetcore.mvc.razor.host1.1.1
windows microsoftmicrosoft.aspnetcore.mvc.razor.host1.1.2
windows microsoftmicrosoft.aspnetcore.mvc.taghelpers1.0.0
windows microsoftmicrosoft.aspnetcore.mvc.taghelpers1.0.1
windows microsoftmicrosoft.aspnetcore.mvc.taghelpers1.0.2
windows microsoftmicrosoft.aspnetcore.mvc.taghelpers1.0.3
windows microsoftmicrosoft.aspnetcore.mvc.taghelpers1.1.0
windows microsoftmicrosoft.aspnetcore.mvc.taghelpers1.1.1
windows microsoftmicrosoft.aspnetcore.mvc.taghelpers1.1.2
windows microsoftmicrosoft.aspnetcore.mvc.viewfeatures1.0.0
windows microsoftmicrosoft.aspnetcore.mvc.viewfeatures1.0.1
windows microsoftmicrosoft.aspnetcore.mvc.viewfeatures1.0.2
windows microsoftmicrosoft.aspnetcore.mvc.viewfeatures1.0.3
windows microsoftmicrosoft.aspnetcore.mvc.viewfeatures1.1.0
windows microsoftmicrosoft.aspnetcore.mvc.viewfeatures1.1.1
windows microsoftmicrosoft.aspnetcore.mvc.viewfeatures1.1.2
windows microsoftmicrosoft.aspnetcore.mvc.webapicompatshim1.0.0
windows microsoftmicrosoft.aspnetcore.mvc.webapicompatshim1.0.1
windows microsoftmicrosoft.aspnetcore.mvc.webapicompatshim1.0.2
windows microsoftmicrosoft.aspnetcore.mvc.webapicompatshim1.0.3
windows microsoftmicrosoft.aspnetcore.mvc.webapicompatshim1.1.0
windows microsoftmicrosoft.aspnetcore.mvc.webapicompatshim1.1.1
windows microsoftmicrosoft.aspnetcore.mvc.webapicompatshim1.1.2
windows microsoftsystem.net.http4.1.1
windows microsoftsystem.net.http4.3.1
windows microsoftsystem.net.http.winhttphandler4.0.1
windows microsoftsystem.net.http.winhttphandler4.3.0
windows microsoftsystem.net.security4.0.0
windows microsoftsystem.net.security4.3.0
windows microsoftsystem.net.websockets.client4.0.0
windows microsoftsystem.net.websockets.client4.3.0
windows microsoftsystem.text.encodings.web4.0.0
windows microsoftsystem.text.encodings.web4.3.0

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.