Security Updates for Microsoft .NET Framework (January 2019)

high Nessus Plugin ID 121021

Synopsis

The Microsoft .NET Framework installation on the remote host is missing a security update.

Description

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross- origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass. (CVE-2019-0545)

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

http://www.nessus.org/u?dd77a736

http://www.nessus.org/u?7ce18754

http://www.nessus.org/u?3d86e600

http://www.nessus.org/u?3b934049

http://www.nessus.org/u?3b2464f5

http://www.nessus.org/u?55d97d9f

http://www.nessus.org/u?2d3f019a

http://www.nessus.org/u?0d50458c

http://www.nessus.org/u?99cd605a

http://www.nessus.org/u?24688942

http://www.nessus.org/u?c30a330a

http://www.nessus.org/u?9348fa78

http://www.nessus.org/u?4d06d714

http://www.nessus.org/u?a8bd0dec

http://www.nessus.org/u?8aa7a1c6

http://www.nessus.org/u?035a9903

http://www.nessus.org/u?fb3b1b47

http://www.nessus.org/u?355994f6

http://www.nessus.org/u?ba6bb054

http://www.nessus.org/u?5bc42785

http://www.nessus.org/u?70f483ef

http://www.nessus.org/u?6c2a08ec

http://www.nessus.org/u?82c64296

http://www.nessus.org/u?108c06e5

http://www.nessus.org/u?ed198bfb

http://www.nessus.org/u?f7193a7a

Plugin Details

Severity: High

ID: 121021

File Name: smb_nt_ms19_jan_dotnet.nasl

Version: 1.5

Type: local

Agent: windows

Published: 1/8/2019

Updated: 10/31/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-0545

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 1/8/2019

Vulnerability Publication Date: 1/8/2019

Reference Information

CVE: CVE-2019-0545

MSFT: MS19-4480051, MS19-4480054, MS19-4480055, MS19-4480056, MS19-4480057, MS19-4480058, MS19-4480059, MS19-4480061, MS19-4480062, MS19-4480063, MS19-4480064, MS19-4480070, MS19-4480071, MS19-4480072, MS19-4480074, MS19-4480075, MS19-4480076, MS19-4480083, MS19-4480084, MS19-4480085, MS19-4480086, MS19-4480961, MS19-4480962, MS19-4480966, MS19-4480973, MS19-4480978

MSKB: 4480051, 4480054, 4480055, 4480056, 4480057, 4480058, 4480059, 4480061, 4480062, 4480063, 4480064, 4480070, 4480071, 4480072, 4480074, 4480075, 4480076, 4480083, 4480084, 4480085, 4480086, 4480961, 4480962, 4480966, 4480973, 4480978