High severity8.8NVD Advisory· Published Nov 15, 2017· Updated Jun 17, 2026
CVE-2017-11879
CVE-2017-11879
Description
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.AspNetCore.AllNuGet | >= 2.0.0, < 2.0.3 | 2.0.3 |
Microsoft.AspNetCore.Mvc.CoreNuGet | >= 2.0.0, < 2.0.1 | 2.0.1 |
Affected products
4- cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*
- ghsa-coords2 versions
>= 2.0.0, < 2.0.3+ 1 more
- (no CPE)range: >= 2.0.0, < 2.0.3
- (no CPE)range: >= 2.0.0, < 2.0.1
- Microsoft Corporation/ASP.NET Corev5Range: ASP.NET Core 2.0
Patches
Vulnerability mechanics
References
7- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879nvdIssue TrackingPatchVendor AdvisoryWEB
- www.securityfocus.com/bid/101713nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039793nvdIssue TrackingThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-3wcj-rg8q-9cqvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-11879ghsaADVISORY
- github.com/aspnet/Announcements/issues/277ghsaWEB
- github.com/github/advisory-database/issues/302ghsaWEB
News mentions
0No linked articles in our index yet.