Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1512998 - (CVE-2017-8700) CVE-2017-8700 ASP.NET: CORS not properly applied
CVE-2017-8700 ASP.NET: CORS not properly applied
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20171114:2200,...
: Security
Depends On: 1513083 1513084 1513085
Blocks: 1512757
  Show dependency treegraph
 
Reported: 2017-11-14 10:00 EST by Trevor Jay
Modified: 2018-02-12 04:11 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in dotNET where the CORS attribute is not properly enforced or checked. An attacker could leverage this for possible remote execution.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-12-01 06:21:25 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Trevor Jay 2017-11-14 10:00:44 EST 

    


      




        
          Comment 3
        

        
          Tomas Hoger

        

        
          2017-12-01 06:21:25 EST
        
      


      


    
      


This issue did not affected .NET Core, but affected ASP.NET Core.  More details can be found in the upstream Microsoft advisories:

https://github.com/aspnet/Announcements/issues/279
https://github.com/aspnet/Mvc/issues/7054
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700

    


      




        
          Comment 4
        

        
          Tomas Hoger

        

        
          2017-12-01 06:22:10 EST
        
      


      


    
      


External References:

https://github.com/aspnet/Announcements/issues/279

    



  









  


    

      

        

          
            

              Note
              You need to
              log in
              before you can comment on or make changes to this bug.
            

          		
        
 
      

  
        











  
  First
  Last
  Prev
  Next
    
  This bug is not in your last
    search results.