IBM Security Bulletin: Multiple vulnerabilities may affect ASP.NET Core in IBM Bluemix

Vulnerabilities in .NET Core and ASP.NET Core could allow elevation of privilege. Vulnerabilities in Node.js and the c-ares library were disclosed on July 11, 2017 by the Node.js Foundation. IBM SDK for Node.js has addressed the applicable CVEs.

CVE(s): CVE-2017-0256, CVE-2017-0249, CVE-2017-0247, CVE-2017-1000381, CVE-2017-11499

Affected product(s) and affected version(s):

These vulnerabilities affect ASP.NET Core in IBM Bluemix v1.0.21 and earlier releases.

You can also find the staging_info.yml file through the command-line Cloud Foundry client by running the following command, where <appname> is the name of your application:

cf ssh <appname> -c "cat staging_info.yml"

Look for the following lines:
{"detected_buildpack":"ASP.NET Core (buildpack-v1.xxx)","start_command":"cd . \u0026\u0026 dotnet dotnetstarter.dll --server.urls http://0.0.0.0:${PORT}"}

If the buildpack version is not at least v1.0.22, your application may be vulnerable.
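
The check above can be scripted so that it compares version fields numerically rather than by eye. This is an added example, not part of the IBM bulletin or the buildpack; the function names are hypothetical, the sample input is constructed, and it assumes the buildpack version is three dot-separated numbers (anything else is reported as unknown).

```shell
#!/bin/sh
# Added example: classify staging_info.yml content against the fixed
# buildpack level named in the bulletin. Function names are hypothetical.
# Usage (assumes a logged-in cf CLI):
#   check_staging_info "$(cf ssh <appname> -c 'cat staging_info.yml')"

FIXED_VERSION="1.0.22"   # from the bulletin: v1.0.21 and earlier are affected

# Print the N.N.N version from detected_buildpack, or nothing when the field
# is missing, is not the ASP.NET Core buildpack, or is not three numeric parts.
buildpack_version() {
  printf '%s\n' "$1" | sed -n \
    's/.*"detected_buildpack"[[:space:]]*:[[:space:]]*"ASP\.NET Core (buildpack-v\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\))".*/\1/p'
}

# Return 0 when version $1 >= version $2, comparing each field as a number
# (so 1.0.9 is lower than 1.0.22, which a plain string compare gets wrong).
version_ge() {
  a=$1
  b=$2
  for i in 1 2 3; do
    x=${a%%.*}
    y=${b%%.*}
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
    # Drop the field just compared; pad with 0 when none are left.
    case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
    case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
  done
  return 0
}

# Print one of: fixed | affected | unknown
check_staging_info() {
  v=$(buildpack_version "$1")
  if [ -z "$v" ]; then
    echo unknown
  elif version_ge "$v" "$FIXED_VERSION"; then
    echo fixed
  else
    echo affected
  fi
}

# Constructed sample in the format shown in the bulletin.
SAMPLE='{"detected_buildpack":"ASP.NET Core (buildpack-v1.0.21)","start_command":"cd . \u0026\u0026 dotnet dotnetstarter.dll"}'
echo "constructed sample: $(check_staging_info "$SAMPLE")"
```

An "unknown" result means the version could not be read and the application should be checked by hand.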

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2uQcH8T
X-Force Database: http://ift.tt/2vRZGJq
X-Force Database: http://ift.tt/2wbg5Ls
X-Force Database: http://ift.tt/2vSm3y4
X-Force Database: http://ift.tt/2h8Xc5H
X-Force Database: http://ift.tt/2h8Xb1D



from IBM Product Security Incident Response Team http://ift.tt/2wcjKJ0