A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
|
Microsoft
Subscribe
|
Asp.net Model View Controller
Subscribe
Microsoft.aspnetcore.mvc.abstractions
Subscribe
Microsoft.aspnetcore.mvc.apiexplorer
Subscribe
Microsoft.aspnetcore.mvc.cors
Subscribe
Microsoft.aspnetcore.mvc.dataannotations
Subscribe
Microsoft.aspnetcore.mvc.formatters.json
Subscribe
Microsoft.aspnetcore.mvc.formatters.xml
Subscribe
Microsoft.aspnetcore.mvc.localization
Subscribe
Microsoft.aspnetcore.mvc.razor
Subscribe
Microsoft.aspnetcore.mvc.razor.host
Subscribe
Microsoft.aspnetcore.mvc.taghelpers
Subscribe
Microsoft.aspnetcore.mvc.viewfeatures
Subscribe
Microsoft.aspnetcore.mvc.webapicompatshim
Subscribe
System.net.http
Subscribe
System.net.http.winhttphandler
Subscribe
System.net.security
Subscribe
System.net.websockets.client
Subscribe
System.text.encodings.web
Subscribe
|
Configuration 1 [-]
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2018-0627 | A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. |
 Github GHSA |
GHSA-j8f4-2w4p-mhjc | Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://github.com/aspnet/Announcements/issues/239 |
|
History
No history.
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: microsoft
Published:
Updated: 2024-08-05T12:55:19.325Z
Reserved: 2016-09-09T00:00:00
Link: CVE-2017-0256
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2017-05-12T14:29:04.457
Modified: 2025-04-20T01:37:25.860
Link: CVE-2017-0256
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses