KB 3137909: Vulnerabilities in ASP.NET Templates Could Allow Tampering

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has ASP.NET templates that are affected by
a cross-site request forgery vulnerability.

Description :

The remote Windows host has a version of Visual Studio installed that
has ASP.NET MVC5 or ASP.NET MVC6 project templates that are affected
by a cross-site request forgery (XSRF) vulnerability. ASP.NET projects
built from these templates will be affected by the XSRF vulnerability.

See also :

https://technet.microsoft.com/en-us/library/security/3137909
http://www.nessus.org/u?04aaa19c
http://www.nessus.org/u?346322b4

Solution :

Microsoft has released a patch for the Visual Studio 2015 ASP.NET
project templates for MVC5 and MVC6. For Visual Studio 2013, you must
manually update the templates as referenced in the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Windows

Nessus Plugin ID: 88699 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now