Security Updates for Microsoft .NET Framework (August 2018)

high Nessus Plugin ID 111693

Synopsis

The Microsoft .NET Framework installation on the remote host is missing a security update.

Description

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load/high-density network connections where content from one stream can blend into another stream.
(CVE-2018-8360)

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

http://www.nessus.org/u?cb3801fe

http://www.nessus.org/u?9ab9852e

http://www.nessus.org/u?f052611d

http://www.nessus.org/u?770b7995

http://www.nessus.org/u?e04d903e

http://www.nessus.org/u?e98b4c8a

http://www.nessus.org/u?7d39617b

http://www.nessus.org/u?088c4696

http://www.nessus.org/u?9775d00a

http://www.nessus.org/u?d0e06c76

http://www.nessus.org/u?44da5a9a

http://www.nessus.org/u?c14a7305

http://www.nessus.org/u?17554e6e

http://www.nessus.org/u?8618865f

http://www.nessus.org/u?dd8bc23c

http://www.nessus.org/u?93e63484

http://www.nessus.org/u?2be0b30b

http://www.nessus.org/u?3356f605

http://www.nessus.org/u?09b4cda4

http://www.nessus.org/u?5d44cd3a

http://www.nessus.org/u?28c48173

http://www.nessus.org/u?cd89d90f

http://www.nessus.org/u?2837f4a2

http://www.nessus.org/u?bf699f3a

http://www.nessus.org/u?124e7bc7

Plugin Details

Severity: High

ID: 111693

File Name: smb_nt_ms18_aug_dotnet.nasl

Version: 1.6

Type: local

Agent: windows

Published: 8/14/2018

Updated: 11/4/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2018-8360

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 8/14/2018

Vulnerability Publication Date: 8/14/2018

Reference Information

CVE: CVE-2018-8360

BID: 104986

MSFT: MS18-4343885, MS18-4343887, MS18-4343892, MS18-4343897, MS18-4343909, MS18-4344144, MS18-4344145, MS18-4344146, MS18-4344147, MS18-4344148, MS18-4344149, MS18-4344150, MS18-4344151, MS18-4344152, MS18-4344153, MS18-4344165, MS18-4344166, MS18-4344167, MS18-4344171, MS18-4344172, MS18-4344173, MS18-4344175, MS18-4344176, MS18-4344177, MS18-4344178

MSKB: 4343885, 4343887, 4343892, 4343897, 4343909, 4344144, 4344145, 4344146, 4344147, 4344148, 4344149, 4344150, 4344151, 4344152, 4344153, 4344165, 4344166, 4344167, 4344171, 4344172, 4344173, 4344175, 4344176, 4344177, 4344178