KB 3137909: Vulnerabilities in ASP.NET Templates Could Allow Tampering
Medium Nessus Plugin ID 88699
SynopsisThe remote Windows host has ASP.NET templates that are affected by a cross-site request forgery vulnerability.
DescriptionThe remote Windows host has a version of Visual Studio installed that has ASP.NET MVC5 or ASP.NET MVC6 project templates that are affected by a cross-site request forgery (XSRF) vulnerability. ASP.NET projects built from these templates will be affected by the XSRF vulnerability.
SolutionMicrosoft has released a patch for the Visual Studio 2015 ASP.NET project templates for MVC5 and MVC6. For Visual Studio 2013, you must manually update the templates as referenced in the vendor advisory.