CVE-2017-8700

EPSS 10.5%

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 10.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

15 Nov 2017Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".

Affected products

Microsoft Corporation · ASP.NET Core

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700 http://www.securityfocus.com/bid/101712 http://www.securitytracker.com/id/1039793