CVSS: 7.5EPSS: 0%CPEs: 101EXPL: 0CVE-2017-0249
https://notcve.org/view.php?id=CVE-2017-0249
12 May 2017 — An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Existe una vulnerabilidad de elevación de privilegios cuando el ASP.NET Core falla al desinfectar adecuadamente las solicitudes web. • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 101EXPL: 0CVE-2017-0256
https://notcve.org/view.php?id=CVE-2017-0256
12 May 2017 — A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. Se presenta una vulnerabilidad de suplantación de identidad cuando el Core de ASP.NET no puede sanear apropiadamente las peticiones web. • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 101EXPL: 1CVE-2017-0247
https://notcve.org/view.php?id=CVE-2017-0247
12 May 2017 — A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range. Se presenta una vulnerabilidad ... • https://github.com/aspnet/Announcements/issues/239 • CWE-20: Improper Input Validation •