{"containers": {"cna": {"affected": [{"product": "ASP.NET", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"}, {"status": "affected", "version": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"}]}, {"product": "ASP.NET Core", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "1.0"}, {"status": "affected", "version": "1.1"}, {"status": "affected", "version": "2.0"}]}, {"product": "ASP.NET MVC 5.2", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Microsoft Visual Studio 2013 Update 5"}, {"status": "affected", "version": "Microsoft Visual Studio 2015 Update 3"}]}], "datePublic": "2018-07-10T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."}], "problemTypes": [{"descriptions": [{"description": "Security Feature Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-11T09:57:01.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "1041267", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041267"}, {"name": "104659", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104659"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2018-8171", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ASP.NET", "version": {"version_data": [{"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"}, {"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"}]}}, {"product_name": "ASP.NET Core", "version": {"version_data": [{"version_value": "1.0"}, {"version_value": "1.1"}, {"version_value": "2.0"}]}}, {"product_name": "ASP.NET MVC 5.2", "version": {"version_data": [{"version_value": "Microsoft Visual Studio 2013 Update 5"}, {"version_value": "Microsoft Visual Studio 2015 Update 3"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Security Feature Bypass"}]}]}, "references": {"reference_data": [{"name": "1041267", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041267"}, {"name": "104659", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104659"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:46:13.464Z"}, "title": "CVE Program Container", "references": [{"name": "1041267", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041267"}, {"name": "104659", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104659"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-8171", "datePublished": "2018-07-11T00:00:00.000Z", "dateReserved": "2018-03-14T00:00:00.000Z", "dateUpdated": "2024-08-05T06:46:13.464Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0913F82A-985A-401D-89F6-191684A8AB55", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8256236D-D4F0-4207-B82D-18B0135CEB4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "345222C2-CD5B-4613-9FF3-9D034974D54F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_model_view_controller:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "72194690-5B02-4E16-81CE-8447790D67A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:asp.net_webpages:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E601B5A5-E15B-43BD-98D7-20CBF28A55C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."}, {"lang": "es", "value": "Existe una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad en ASP.NET cuando el n\u00famero de intentos de inicio de sesi\u00f3n incorrectos no se valida. Esto tambi\u00e9n se conoce como \"ASP.NET Security Feature Bypass Vulnerability\". Esto afecta a ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0 y ASP.NET MVC 5.2."}], "id": "CVE-2018-8171", "lastModified": "2024-11-21T04:13:23.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-11T00:29:00.320", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104659"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041267"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104659"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}