{"containers": {"cna": {"affected": [{"product": "ASP.NET Core", "vendor": "Microsoft Corporation", "versions": [{"status": "affected", "version": "ASP.NET Core 1.0, 1.1, and 2.0"}]}], "datePublic": "2017-11-14T00:00:00", "descriptions": [{"lang": "en", "value": "ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka \"ASP.NET Core Information Disclosure Vulnerability\"."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-15T10:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700"}, {"name": "1039793", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039793"}, {"name": "101712", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101712"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "DATE_PUBLIC": "2017-11-14T00:00:00", "ID": "CVE-2017-8700", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ASP.NET Core", "version": {"version_data": [{"version_value": "ASP.NET Core 1.0, 1.1, and 2.0"}]}}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka \"ASP.NET Core Information Disclosure Vulnerability\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700"}, {"name": "1039793", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039793"}, {"name": "101712", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101712"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:41:24.271Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700"}, {"name": "1039793", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039793"}, {"name": "101712", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101712"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-8700", "datePublished": "2017-11-15T03:00:00Z", "dateReserved": "2017-05-03T00:00:00", "dateUpdated": "2024-09-16T19:56:33.698Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0913F82A-985A-401D-89F6-191684A8AB55", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8256236D-D4F0-4207-B82D-18B0135CEB4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "345222C2-CD5B-4613-9FF3-9D034974D54F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka \"ASP.NET Core Information Disclosure Vulnerability\"."}, {"lang": "es", "value": "ASP.NET Core 1.0, 1.1 y 2.0 permiten que un atacante omita las configuraciones Cross-Origin Resource Sharing (CORS) y recupere contenidos normalmente restringidos de una aplicaci\u00f3n web. Esto tambi\u00e9n se conoce como \"ASP.NET Core Information Disclosure Vulnerability\"."}], "id": "CVE-2017-8700", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-15T03:29:02.060", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101712"}, {"source": "secure@microsoft.com", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039793"}, {"source": "secure@microsoft.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101712"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039793"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ASP.NET: CORS not properly applied", "id": "1512998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512998"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.7", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "status": "draft"}, "details": ["ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka \"ASP.NET Core Information Disclosure Vulnerability\".", "A flaw was found in dotNET where the CORS attribute is not properly enforced or checked. An attacker could leverage this for possible remote execution."], "name": "CVE-2017-8700", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:1.0", "fix_state": "Not affected", "package_name": "rh-dotnetcore10-dotnetcore", "product_name": ".NET Core 1.0 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:1.1", "fix_state": "Not affected", "package_name": "rh-dotnetcore11-dotnetcore", "product_name": ".NET Core 1.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:2.0", "fix_state": "Not affected", "package_name": "rh-dotnet20-dotnet", "product_name": ".NET Core 2.0 on Red Hat Enterprise Linux"}], "public_date": "2017-11-14T22:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-8700\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8700\nhttps://github.com/aspnet/Announcements/issues/279"], "threat_severity": "Moderate"}