Security Update ASP .NET Core January 2018
Medium Nessus Plugin ID 105796
SynopsisThe remote Windows host is affected by multiple ASP.NET Core runtime vulnerabilities.
DescriptionThe remote Windows host has an installation of ASP.NET Core runtime package store with a version less than 2.1.4.
Therefore the host is affected by multiple vulnerabilities :
- An elevation of privilege vulnerability due to improper sanitization of web requests (CVE-2018-0784)
- A cross-site request forgery that could allow an attacker to change the recovery codes of a victims account. (CVE-2018-0785)
SolutionDownload and update ASP .NET Core 2.1.4 runtime packages.