Microsoft ASP.NET Core Privilege Escalation (March 2018)
Medium Nessus Plugin ID 111072
SynopsisThe Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.
DescriptionThe remote Windows host has an installation of ASP.NET Core containing the packages HttpOverrides and/or Server.Kestrel.Core with versions 2.0.0 or 2.0.1 and therefore is affected by a privilege escalation vulnerability.
SolutionUpdate HttpOverrides and/or Server.Kestrel.Core to version 2.0.2, remove the vulnerable versions and refer to the vendor advisory.