Asp Net Model View Controller
CVE-2017-0256
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
AnalysisAI
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-20. A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Affected products include: Microsoft Asp.Net Model View Controller, Microsoft Microsoft.Aspnetcore.Mvc.Abstractions, Microsoft Microsoft.Aspnetcore.Mvc.Apiexplorer, Microsoft Microsoft.Aspnetcore.Mvc.Cors, Microsoft Microsoft.Aspnetcore.Mvc.Dataannotations.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. Rated high sever
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Rated high
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 thro
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated,
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today