Detections
Analytics
Security Updates for Microsoft .NET Framework (January 2019)
high Nessus Plugin ID 121021
Language:
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :- An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross- origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. The security update addresses the vulnerability by enforcing CORS configuration to prevent its bypass. (CVE-2019-0545)
Solution
Microsoft has released security updates for Microsoft .NET Framework.See Also
http://www.nessus.org/u?108c06e5
http://www.nessus.org/u?ed198bfb
http://www.nessus.org/u?f7193a7a
http://www.nessus.org/u?dd77a736
http://www.nessus.org/u?7ce18754
http://www.nessus.org/u?3d86e600
http://www.nessus.org/u?3b934049
http://www.nessus.org/u?3b2464f5
http://www.nessus.org/u?55d97d9f
http://www.nessus.org/u?2d3f019a
http://www.nessus.org/u?0d50458c
http://www.nessus.org/u?99cd605a
http://www.nessus.org/u?24688942
http://www.nessus.org/u?c30a330a
http://www.nessus.org/u?9348fa78
http://www.nessus.org/u?4d06d714
http://www.nessus.org/u?a8bd0dec
http://www.nessus.org/u?8aa7a1c6
http://www.nessus.org/u?035a9903
http://www.nessus.org/u?fb3b1b47
http://www.nessus.org/u?355994f6
http://www.nessus.org/u?ba6bb054
http://www.nessus.org/u?5bc42785
http://www.nessus.org/u?70f483ef
Plugin Details
Severity: High
ID: 121021
File Name: smb_nt_ms19_jan_dotnet.nasl
Version: 1.5
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 1/8/2019
Updated: 10/31/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2019-0545
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:.net_framework
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 1/8/2019
Vulnerability Publication Date: 1/8/2019
Reference Information
CVE: CVE-2019-0545
MSFT: MS19-4480051, MS19-4480054, MS19-4480055, MS19-4480056, MS19-4480057, MS19-4480058, MS19-4480059, MS19-4480061, MS19-4480062, MS19-4480063, MS19-4480064, MS19-4480070, MS19-4480071, MS19-4480072, MS19-4480074, MS19-4480075, MS19-4480076, MS19-4480083, MS19-4480084, MS19-4480085, MS19-4480086, MS19-4480961, MS19-4480962, MS19-4480966, MS19-4480973, MS19-4480978
MSKB: 4480051, 4480054, 4480055, 4480056, 4480057, 4480058, 4480059, 4480061, 4480062, 4480063, 4480064, 4480070, 4480071, 4480072, 4480074, 4480075, 4480076, 4480083, 4480084, 4480085, 4480086, 4480961, 4480962, 4480966, 4480973, 4480978