CVE-2017-11879

Description

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

Affected products

• Microsoft Corporation / ASP.NET CoreASP.NET Core 2.0 – ASP.NET Core 2.0

References

• VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879
• MISChttp://www.securityfocus.com/bid/101713
• MISChttp://www.securitytracker.com/id/1039793